Return-Path: <joe@salowey.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by ietfa.amsl.com (Postfix) with ESMTP id 16093C14E515
	for <tls@ietfa.amsl.com>; Tue,  3 Sep 2024 17:27:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level: 
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001,
	SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01,
	URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001,
	URIBL_ZEN_BLOCKED_OPENDNS=0.001]
	autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
	header.d=salowey-net.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194])
	by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id sd4vHNPuhO8b for <tls@ietfa.amsl.com>;
	Tue,  3 Sep 2024 17:27:09 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com
 [IPv6:2a00:1450:4864:20::22f])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by ietfa.amsl.com (Postfix) with ESMTPS id 2453FC14F61A
	for <tls@ietf.org>; Tue,  3 Sep 2024 17:27:09 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id
 38308e7fff4ca-2f3f25a1713so71075931fa.2
        for <tls@ietf.org>; Tue, 03 Sep 2024 17:27:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=salowey-net.20230601.gappssmtp.com; s=20230601; t=1725409627;
 x=1726014427; darn=ietf.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=V9y54bk5PoYTjuBDBHNd9BpzV9NZfYXf3R1qWmIGT5A=;
        b=WZk6hvDS+a6I9g9gR3BGgpW15w47rfaDzB/bsFrbT7z4lFtvtDCAX966A1pjV1t6Ez
         o3np1bX0s10lVbwgT3c89XVZP7Qw9laAJmS5zSmF3CHgSPvl/BLU6jNtqJlMNpCZDjFb
         Z3UtL2F2U5Y64RMrUbm8JRtMnhthdxuVzi/C+3ZaPmPoIQEp2H3iY3LWfiloByHPeHKU
         zbXoBQS2F4jLzC5Sw+cjFTpqeBlN+Y51rGKH6t8GrrRXV2Yd+epKsFnQ9NYul7DEJw9X
         lQ6e3yDUOsZDZMAN4HVj+N3X3vVhv518Z0iR0eTGhBPWwUTosNB1GRJojHGcFmVM9ltq
         S/SQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1725409627; x=1726014427;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=V9y54bk5PoYTjuBDBHNd9BpzV9NZfYXf3R1qWmIGT5A=;
        b=MCPeqPVrcmfmwnhQRvxOFXWn2KEwnKOze+SJF3K2TEnqLt9IAj0WOjssw+SpWxCKfm
         JSkNweW4s61Z4pMXbLAnU6rPczr99sOhrkWcStkcnpNpWzA/mb6Rtbpm5+8p5RqroLdp
         D94eq0pwLO1faTELBNXF5CfGsZY90lQLN1RfN/dEyk86nraBaqMnIBTfwySrhf9Fecj5
         oVPdxwkYbRux0E1E15/VxzJwie+GHFpkk3xi+EVSGwe01kCS86V2eA9aZe4sQOryBY3a
         TyTTEgDAyC3AUBgI78w9WuiW+URThTG8y8eYvJZToviq1GDgqp/KtKvs4qbxODqDHN5R
         oY3Q==
X-Gm-Message-State: AOJu0YxlzKipNnxlwfbqO6P5YfBRvEokWLOav299J3uH8gOqulbVD/x8
	66iwx0xaMDVRo7km8F4nDDgHIiiZZBpvtbfRqFqXpivNlRpQk0HzbyxMSzY0mLtL8iKXLYn9K3m
	BhPVETsrkfr5APt+LuFgE7Owvfao1by63Y/V2EgihHLMx+IvTpc9QSQ==
X-Google-Smtp-Source: 
 AGHT+IFmwDkgVA+JJVHkReRC/MfPRp9q444udZau5lyedZfBhQtOQlzFqGzLkxwsuR3OREWzSxjkvzaFRiFMc8MxDOs=
X-Received: by 2002:a2e:a589:0:b0:2f3:cd4e:b929 with SMTP id
 38308e7fff4ca-2f6265d773bmr87092741fa.34.1725409625559; Tue, 03 Sep 2024
 17:27:05 -0700 (PDT)
MIME-Version: 1.0
References: 
 <172535470010.1356255.17677428956305141236@dt-datatracker-68b7b78cf9-q8rsp>
In-Reply-To: 
 <172535470010.1356255.17677428956305141236@dt-datatracker-68b7b78cf9-q8rsp>
From: Joseph Salowey <joe@salowey.net>
Date: Tue, 3 Sep 2024 17:26:54 -0700
Message-ID: 
 <CAOgPGoBRG580zRmPJAURFNsSUc5v32S-NUqXLrxSQWbJpVgFPQ@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d2f6c20621403b30"
Message-ID-Hash: ZTHHNUKSND5FTEI5B5QPXH7REM6534YS
X-Message-ID-Hash: ZTHHNUKSND5FTEI5B5QPXH7REM6534YS
X-MailFrom: joe@salowey.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-tls.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: i-d-announce@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: =?utf-8?q?=5BTLS=5D_Re=3A_I-D_Action=3A_draft-ietf-tls-deprecate-obsolete-ke?=
	=?utf-8?q?x-05=2Etxt?=
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/tls/y8TZYEW9bca68-CrWFAjRypPiLw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

--000000000000d2f6c20621403b30
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I will be hitting the button to submit this to the IESG next week.  The
revisions based on the earlier consensus calls have been made and
references to updated RFCs have been cleaned up.  You can use the diffi
tool to see the comparison with the -03 version -
https://author-tools.ietf.org/iddiff?url1=3Ddraft-ietf-tls-deprecate-obsole=
te-kex-03&url2=3Ddraft-ietf-tls-deprecate-obsolete-kex-05&difftype=3D--html=
.
 Let me know if you spot any concerns with the document.

Thanks,

Joe

On Tue, Sep 3, 2024 at 2:13=E2=80=AFAM <internet-drafts@ietf.org> wrote:

> Internet-Draft draft-ietf-tls-deprecate-obsolete-kex-05.txt is now
> available.
> It is a work item of the Transport Layer Security (TLS) WG of the IETF.
>
>    Title:   Deprecating Obsolete Key Exchange Methods in TLS 1.2
>    Authors: Carrick Bartle
>             Nimrod Aviram
>    Name:    draft-ietf-tls-deprecate-obsolete-kex-05.txt
>    Pages:   21
>    Dates:   2024-09-03
>
> Abstract:
>
>    This document deprecates the use of RSA key exchange and Diffie
>    Hellman over a finite field in TLS 1.2, and discourages the use of
>    static elliptic curve Diffie Hellman cipher suites.
>
>    Note that these prescriptions apply only to TLS 1.2 since TLS 1.0 and
>    1.1 are deprecated by RFC 8996 and TLS 1.3 either does not use the
>    affected algorithm or does not share the relevant configuration
>    options.
>
>    This document updates RFCs 9325, 4346, 5246, 4162, 6347, 5932, 5288,
>    6209, 6367, 8422, 5289, 5469, 4785, 4279, 5487, 6655, and 7905.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-05.=
html
>
> A diff from the previous version is available at:
>
> https://author-tools.ietf.org/iddiff?url2=3Ddraft-ietf-tls-deprecate-obso=
lete-kex-05
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>

--000000000000d2f6c20621403b30
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I will be hitting the button to submit this to the IESG ne=
xt week.=C2=A0 The revisions based on the earlier consensus calls have been=
 made and references to updated RFCs have been cleaned up.=C2=A0 You can us=
e the diffi tool to see the comparison with the -03 version -=C2=A0<a href=
=3D"https://author-tools.ietf.org/iddiff?url1=3Ddraft-ietf-tls-deprecate-ob=
solete-kex-03&amp;url2=3Ddraft-ietf-tls-deprecate-obsolete-kex-05&amp;difft=
ype=3D--html">https://author-tools.ietf.org/iddiff?url1=3Ddraft-ietf-tls-de=
precate-obsolete-kex-03&amp;url2=3Ddraft-ietf-tls-deprecate-obsolete-kex-05=
&amp;difftype=3D--html</a>.=C2=A0 =C2=A0Let me know if you spot any concern=
s with the document.<div><br></div><div>Thanks,</div><div><br></div><div>Jo=
e</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail=
_attr">On Tue, Sep 3, 2024 at 2:13=E2=80=AFAM &lt;<a href=3D"mailto:interne=
t-drafts@ietf.org">internet-drafts@ietf.org</a>&gt; wrote:<br></div><blockq=
uote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1p=
x solid rgb(204,204,204);padding-left:1ex">Internet-Draft draft-ietf-tls-de=
precate-obsolete-kex-05.txt is now available.<br>
It is a work item of the Transport Layer Security (TLS) WG of the IETF.<br>
<br>
=C2=A0 =C2=A0Title:=C2=A0 =C2=A0Deprecating Obsolete Key Exchange Methods i=
n TLS 1.2<br>
=C2=A0 =C2=A0Authors: Carrick Bartle<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Nimrod Aviram<br>
=C2=A0 =C2=A0Name:=C2=A0 =C2=A0 draft-ietf-tls-deprecate-obsolete-kex-05.tx=
t<br>
=C2=A0 =C2=A0Pages:=C2=A0 =C2=A021<br>
=C2=A0 =C2=A0Dates:=C2=A0 =C2=A02024-09-03<br>
<br>
Abstract:<br>
<br>
=C2=A0 =C2=A0This document deprecates the use of RSA key exchange and Diffi=
e<br>
=C2=A0 =C2=A0Hellman over a finite field in TLS 1.2, and discourages the us=
e of<br>
=C2=A0 =C2=A0static elliptic curve Diffie Hellman cipher suites.<br>
<br>
=C2=A0 =C2=A0Note that these prescriptions apply only to TLS 1.2 since TLS =
1.0 and<br>
=C2=A0 =C2=A01.1 are deprecated by RFC 8996 and TLS 1.3 either does not use=
 the<br>
=C2=A0 =C2=A0affected algorithm or does not share the relevant configuratio=
n<br>
=C2=A0 =C2=A0options.<br>
<br>
=C2=A0 =C2=A0This document updates RFCs 9325, 4346, 5246, 4162, 6347, 5932,=
 5288,<br>
=C2=A0 =C2=A06209, 6367, 8422, 5289, 5469, 4785, 4279, 5487, 6655, and 7905=
.<br>
<br>
The IETF datatracker status page for this Internet-Draft is:<br>
<a href=3D"https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsole=
te-kex/" rel=3D"noreferrer" target=3D"_blank">https://datatracker.ietf.org/=
doc/draft-ietf-tls-deprecate-obsolete-kex/</a><br>
<br>
There is also an HTML version available at:<br>
<a href=3D"https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolet=
e-kex-05.html" rel=3D"noreferrer" target=3D"_blank">https://www.ietf.org/ar=
chive/id/draft-ietf-tls-deprecate-obsolete-kex-05.html</a><br>
<br>
A diff from the previous version is available at:<br>
<a href=3D"https://author-tools.ietf.org/iddiff?url2=3Ddraft-ietf-tls-depre=
cate-obsolete-kex-05" rel=3D"noreferrer" target=3D"_blank">https://author-t=
ools.ietf.org/iddiff?url2=3Ddraft-ietf-tls-deprecate-obsolete-kex-05</a><br=
>
<br>
Internet-Drafts are also available by rsync at:<br>
rsync.ietf.org::internet-drafts<br>
<br>
<br>
_______________________________________________<br>
TLS mailing list -- <a href=3D"mailto:tls@ietf.org" target=3D"_blank">tls@i=
etf.org</a><br>
To unsubscribe send an email to <a href=3D"mailto:tls-leave@ietf.org" targe=
t=3D"_blank">tls-leave@ietf.org</a><br>
</blockquote></div>

--000000000000d2f6c20621403b30--