Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Gary Gapinski <gary@garygapinski.com> Wed, 24 April 2019 13:51 UTC

Return-Path: <gary@garygapinski.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E1C212015F for <tls@ietfa.amsl.com>; Wed, 24 Apr 2019 06:51:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.176
X-Spam-Level:
X-Spam-Status: No, score=-1.176 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nn32rqKW1dIq for <tls@ietfa.amsl.com>; Wed, 24 Apr 2019 06:51:34 -0700 (PDT)
Received: from server276.com (server276.com [192.252.144.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E764F120020 for <tls@ietf.org>; Wed, 24 Apr 2019 06:51:33 -0700 (PDT)
Received: (qmail 29970 invoked by uid 503); 24 Apr 2019 13:51:30 -0000
Received: from unknown (HELO nuc7i7bnh.650ncr.com) (gary@garygapinski.com@66.119.109.100) by server276.com with ESMTPA; 24 Apr 2019 13:51:30 -0000
To: tls@ietf.org
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com>
From: Gary Gapinski <gary@garygapinski.com>
Message-ID: <7f76d36c-962b-78fe-87ab-e17c31430cb3@garygapinski.com>
Date: Wed, 24 Apr 2019 09:51:28 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com>
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/s3w8NHvwGbVP1ilTOBME5bNZojg>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 13:51:35 -0000

On 4/12/19 7:28 PM, Christopher Wood wrote:
This is the working group last call for the "Deprecating TLSv1.0 and TLSv1.1” draft available at:

    https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/" rel="nofollow">https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/

Please review the document and send your comments to the list by April 26, 2019.

I think the document should be published.

I agree with Martin Thomson's observation that the SP 800-52r2 quotes in Section 2 are a bit prolix considering the relatively small content that would remain if excised, and that NIST document has been in draft for a prolonged time (reducing its authority). The quotes imply but do not demand disuse of TLS 1.0 and TLS 1.1, and could inadvertently be interpreted to mean that use of TLS 1.2 rather than TLS 1.3 is sinful.

An additional (congenial) informative reference could be BSI TR-02102-2 found at

https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/tr02102/index_htm.html" rel="nofollow">https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/tr02102/index_htm.html

which in §3.2 states "TLS 1.0 and TLS 1.1 are not recommended".

Regards,

Gary