[TLS] Last Call: <draft-ietf-tls-deprecate-obsolete-kex-05.txt> (Deprecating Obsolete Key Exchange Methods in TLS 1.2) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Mon, 14 April 2025 19:11 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from [10.244.8.129] (unknown [104.131.183.230]) by mail2.ietf.org (Postfix) with ESMTP id B21E31BE0905; Mon, 14 Apr 2025 12:11:54 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 12.38.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <174465791448.1145596.1193777881323906684@dt-datatracker-64c5c9b5f9-hz6qg>
Date: Mon, 14 Apr 2025 12:11:54 -0700
Message-ID-Hash: 67DWSTF72IPWQYSJ6H43JMUZXJTO4TXC
X-Message-ID-Hash: 67DWSTF72IPWQYSJ6H43JMUZXJTO4TXC
X-MailFrom: iesg-secretary@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-tls-deprecate-obsolete-kex@ietf.org, paul.wouters@aiven.io, tls-chairs@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Reply-To: last-call@ietf.org
Subject: [TLS] Last Call: <draft-ietf-tls-deprecate-obsolete-kex-05.txt> (Deprecating Obsolete Key Exchange Methods in TLS 1.2) to Proposed Standard
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/s1I16U5fHx9LGa8aKot7IsZzVr8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 'Deprecating Obsolete Key Exchange Methods in TLS 1.2' <draft-ietf-tls-deprecate-obsolete-kex-05.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2025-04-28. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document deprecates the use of RSA key exchange and Diffie Hellman over a finite field in TLS 1.2, and discourages the use of static elliptic curve Diffie Hellman cipher suites. Note that these prescriptions apply only to TLS 1.2 since TLS 1.0 and 1.1 are deprecated by RFC 8996 and TLS 1.3 either does not use the affected algorithm or does not share the relevant configuration options. This document updates RFCs 9325, 4346, 5246, 4162, 6347, 5932, 5288, 6209, 6367, 8422, 5289, 5469, 4785, 4279, 5487, 6655, and 7905. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc6209: Addition of the ARIA Cipher Suites to Transport Layer Security (TLS) (Informational - Internet Engineering Task Force (IETF) stream) rfc6367: Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) (Informational - Internet Engineering Task Force (IETF) stream)