John, you reference RFC 7540 and I believe you wanted to refer to RFC 7925
instead.
RFC 7925 talks about the Extended Master Secret extension, Signature Algorithm
extension, and
OCSP stapling.
Ciao
Hannes
-Original Message-
From: saag On Behalf Of John Mattsson
Sent: Samstag, 5. Okto
On Fri, Sep 27, 2019, at 1:45 AM, Stephen Farrell wrote:
>
>
> On 27/09/2019 04:50, Martin Thomson wrote:
> > On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
> """The expectation is that TLSv1.2 will continue to be used
> for many years alongside TLSv1.3."""
> >>
> >> So is your
"hannes.tschofe...@gmx.net" wrote:
> PS: As Kathleen noted TLS 1.2 and DTLS 1.2 are perfectly fine if you follow
> RFC 7925/7525.
While TLS 1.2 and DTLS 1.2 can be configured to be secure, RFC 7525 is
definitely not enough. RFC 7540 would be a good start, but also that would need
to be extend
hannes.tschofe...@gmx.net writes:
>IMHO the problem with deprecation is not in the IETF but rather with the
>deployments.
>
>PS: As Kathleen noted TLS 1.2 and DTLS 1.2 are perfectly fine if you follow
>RFC 7925/7525.
Maybe the text could be updated to have one section of text for the web and
on
f a dependency on >some of the TLS 1.2 idiosyncrasies.
>>
>> I agree with Martin, and irrespectively of whether it is true or not, I
>> do not see any need to have this sentence in an IETF draft.
>>
>
> As for this sentence, we'll see where the discussion settl
IMHO the problem with deprecation is not in the IETF but rather with the
deployments.
Ciao
Hannes
PS: As Kathleen noted TLS 1.2 and DTLS 1.2 are perfectly fine if you follow RFC
7925/7525.
-Original Message-
From: TLS On Behalf Of John Mattsson
Sent: Donnerstag, 26. September 2019 14
some of the TLS 1.2 idiosyncrasies.
>
> I agree with Martin, and irrespectively of whether it is true or not, I do
> not see any need to have this sentence in an IETF draft.
>
As for this sentence, we'll see where the discussion settles out - removing
or altering it.
Best regards,
you read a draft and it's an easy thing to catch if you're
skimming a draft as an AD with 400 pages of reading to get through for a
telechat.
Best regards,
Kathleen
> Cheers,
> John
>
> -Original Message-
> From: Kathleen Moriarty
> Date: Thursday, 26 September
TF draft.
Cheers,
John
-Original Message-
From: TLS on behalf of Martin Thomson
Date: Friday, 27 September 2019 at 02:03
To: "TLS@ietf.org"
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
So I agree with Kathleen's conclusion: not to ch
at 15:50
To: "Salz, Rich"
Cc: John Mattsson , "TLS@ietf.org" ,
"s...@ietf.org"
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
Sent from my mobile device
> On Sep 26, 2019, at 9:02 AM, Salz, Rich wrote:
>
I would be more inclined to rephrase the text so that it reflects what we
think is ideal rather than what we think is non-ideal. I proposed three
edits to encourage to move to - or at least consider moving to TLS 1.3,
while still leaving some place for room to stay with TLS 1.2.
Yours,
Daniel
On
Hiya,
On 27/09/2019 21:14, Benjamin Kaduk wrote:
> I had a run of several substantial events in my personal life earlier
> this year, that let the queue of documents in "publication requested"
Sorry to hear that.
> (https://datatracker.ietf.org/doc/ad/benjamin.kaduk) build up for
> 2-3 months.
On Fri, Sep 27, 2019 at 09:45:04AM +0100, Stephen Farrell wrote:
>
>
> On 27/09/2019 04:50, Martin Thomson wrote:
> > On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
> """The expectation is that TLSv1.2 will continue to be used
> for many years alongside TLSv1.3."""
> >>
> >> So
<
> stephen.farr...@cs.tcd.ie>, "tls@ietf.org"
> *Subject: *Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
>
>
>
> Perhaps we could rewrite this text so that it reflects that we think this
> is non-ideal.?
>
>
>
>
>
>
>
I could even accept with “, unfortunately” :)
From: Eric Rescorla
Date: Friday, September 27, 2019 at 1:11 PM
To: Rich Salz
Cc: Martin Thomson , Stephen Farrell
, "tls@ietf.org"
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
Perhaps we could rewrite th
Perhaps we could rewrite this text so that it reflects that we think this
is non-ideal.?
On Fri, Sep 27, 2019 at 9:16 AM Salz, Rich wrote:
>
>
> On 9/26/19, 11:51 PM, "Martin Thomson" wrote:
>
> On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
> > >> """The expectation is that
On 9/26/19, 11:51 PM, "Martin Thomson" wrote:
On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
> >> """The expectation is that TLSv1.2 will continue to be used for
> >> many years alongside TLSv1.3."""
>
> So is your proposed change to only remove that sentence?
Hi,
My 2 cents, I think a kind of overview page with status about
protocols, ciphers and others would help a lot. Something near to what
is done in https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher
This would be the page to know to be updated about security
deprecation and plan
Hi,
Maybe I am missing the point, but I do not see any reasons to not
explicitly recommend adoption of the latest version (i.e. TLS 1.3).
While the document deprecates old version, providing explicitly the status
of the non deprecated versions seems to me in scope of the document. As
such, clearl
On 27/09/2019 04:50, Martin Thomson wrote:
> On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
"""The expectation is that TLSv1.2 will continue to be used
for many years alongside TLSv1.3."""
>>
>> So is your proposed change to only remove that sentence?
>
> I just checked, and i
On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
> >> """The expectation is that TLSv1.2 will continue to be used for
> >> many years alongside TLSv1.3."""
>
> So is your proposed change to only remove that sentence?
I just checked, and it seems like the only thing the document says along t
On Thu, Sep 26, 2019 at 8:03 PM Martin Thomson wrote:
> So I agree with Kathleen's conclusion: not to change the goals of the
> current document. But there are changes that I think are necessary (and
> thanks to Daniel and John for highlighting these).
>
> BTW, I've moved this to the TLS working
Hiya,
On 27/09/2019 01:02, Martin Thomson wrote:
> So I agree with Kathleen's conclusion:
Me too, FWIW.
> not to change the goals of the
> current document. But there are changes that I think are necessary
> (and thanks to Daniel and John for highlighting these).
>
> BTW, I've moved this to
So I agree with Kathleen's conclusion: not to change the goals of the current
document. But there are changes that I think are necessary (and thanks to
Daniel and John for highlighting these).
BTW, I've moved this to the TLS working group, because this is an active topic
there and I don't see
Thanks for raising this discussion John, we have been struggling with this
in curdle as well and ipsecme. This is also a topic that I believe would be
useful to improve the security.
One aspect is that some implementers go to the IANA pages and believe that
everything on the pages is acceptable. I
Sent from my mobile device
> On Sep 26, 2019, at 9:02 AM, Salz, Rich wrote:
>
> These are excellent points. Perhaps they can be squeezed into
> https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ ?
> It's been waiting 90 days, a brief reset might not hurt :)
>
This wou
These are excellent points. Perhaps they can be squeezed into
https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ ? It's
been waiting 90 days, a brief reset might not hurt :)
On 9/26/19, 8:18 AM, "John Mattsson"
wrote:
Hi,
Hopefully, we have learned some le