Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
Martin Thomson <martin.thomson@gmail.com> Tue, 12 January 2016 00:33 UTC
In-Reply-To: <20160111183017.GA12243@roeckx.be>
References: <20160111183017.GA12243@roeckx.be>
Date: Tue, 12 Jan 2016 11:33:11 +1100
Message-ID: <CABkgnnVXF8UB91vH6PUmCxv950mVeUEwyOenCFhnqwTZpzPtHg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Kurt Roeckx <kurt@roeckx.be>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qabUKhkJlbBpubppK6f55c3oi7g>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms

On 12 January 2016 at 05:30, Kurt Roeckx <kurt@roeckx.be> wrote:
> After the SLOTH paper, we should think about starting to deprecate
> TLS 1.0 and TLS 1.1 and the SHA1 based signature algorithms in TLS
> 1.2.

Let's be clear about this: TLS 1.0 represents far too high a proportion of our usage to remove it at this point. TLS 1.2 growth is still solid, but it really isn't that long ago that we turned on TLS 1.2. The encouragement we give people to upgrade will remain our best option until TLS 1.0 usage drops an awful lot.