Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Sean Turner
Ben,

Thanks for pointing out I missed a couple. Inline …

spt

> On Aug 13, 2020, at 13:54, Benjamin Kaduk wrote:
>
> Hi Kathleen,
>
> Also inline.
>
> On Wed, Aug 12, 2020 at 04:29:56PM -0400, Kathleen Moriarty wrote:
>> Hi Ben,
>>
>> Thanks for your review. Some initial responses are inlin

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Benjamin Kaduk
Thanks, Sean, the linked pull requests seem to do the trick. Skimming through https://mailarchive.ietf.org/arch/msg/tls/K9_uA6m0dD_oQCw-5kAbha-Kq5M/ once more, I think I still plan to put out a status-change document to move RFC 5469 (IDEA and DES ciphers) to Historic in parallel with the IETF LC

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Michael D'Errico
I know that saying this will have no effect, but I'd rather see deprecation of just TLS 1.0 and retain version 1.1 as not recommended. Also, we should not abandon RFC 7507 (downgrade protection SCSV). What harm is there in keeping it around? None.

Mike

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Benjamin Kaduk
Hi Mike,

On Tue, Oct 13, 2020 at 03:09:15PM -0400, Michael D'Errico wrote:
> I know that saying this will have no effect, but I'd
> rather see deprecation of just TLS 1.0 and retain
> version 1.1 as not recommended.

Saying that it's your preference without saying why is likely to have little effe

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Michael D'Errico
> Saying that it's your preference without saying why is likely
> to have little effect, yes. (We endeavor to make decisions
> based on technical merit, not voting, after all.) Why do you
> want this?

Hi,

I think the advice should be: "If your code currently only supports TLS 1.0, please spend

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Salz, Rich
> Recommending that people wholesale abandon their legacy system and implement TLS (1.2 and) 1.3 is asking too much, and will largely be ignored by the people who would be able to add 1.1 to their 1.0 code.

The folks you have to convince aren't just the IETF, but rather groups lik

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Sean Turner
> On Oct 13, 2020, at 14:34, Benjamin Kaduk wrote:
>
> I think we still need to check for the latest version of the SP800-52r2
> reference, too.

You are correct - the date should be August 2019: https://github.com/tlswg/oldversions-deprecate/pull/8

spt

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Benjamin Kaduk
Hi Mike,

On Tue, Oct 13, 2020 at 03:59:27PM -0400, Michael D'Errico wrote:
> > Saying that it's your preference without saying why is likely
> > to have little effect, yes. (We endeavor to make decisions
> > based on technical merit, not voting, after all.) Why do you
> > want this?
>
> Hi,
>