Thanks for writing this. I would be in favor of deprecating old versions of TLS prior to 1.2. Firefox Telemetry shows that about 1% of our connections are TLS 1.1 (on the same data set, TLS 1.3 is > 5%), and TLS 1.1 is negligible.

This is probably a higher number than we'd be comfortable turning off immediately, but it is probably worth starting the process.

-Ekr

On Mon, Jul 9, 2018 at 9:40 AM, Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:
> Hello,
>
> Stephen and I posted the draft below to see if the TLS working group
> is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has
> been a recent drop off in usage for web applications due to the PCI
> Council recommendation to move off TLSv1.0, with a recommendation to
> go to TLSv1.2 by June 30th. NIST has also been recommending TLSv1.2
> as a baseline. Applications other than those using HTTP may not have
> had the same reduction in usage. If you are responsible for services
> where you have a reasonable vantage point to gather and share
> statistics to assess usage further, that could be helpful for the
> discussion. We've received some feedback that has been incorporated
> into the working draft and feelers in general have been positive. It
> would be good to know if there are any show stoppers that have not
> been considered.
>
> https://github.com/sftcd/tls-oldversions-diediedie
>
> Thanks in advance,
> Kathleen
>
>
> ---------- Forwarded message ----------
> From: <internet-dra...@ietf.org>
> Date: Mon, Jun 18, 2018 at 3:05 PM
> Subject: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt
> To: Stephen Farrell <stephen.farr...@cs.tcd.ie>, Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>
>
>
> A new version of I-D, draft-moriarty-tls-oldversions-diediedie-00.txt
> has been successfully submitted by Stephen Farrell and posted to the
> IETF repository.
>
> Name: draft-moriarty-tls-oldversions-diediedie
> Revision: 00
> Title: Deprecating TLSv1.0 and TLSv1.1
> Document date: 2018-06-18
> Group: Individual Submission
> Pages: 10
> URL: https://www.ietf.org/internet-drafts/draft-moriarty-tls-oldversions-diediedie-00.txt
> Status: https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
> Htmlized: https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-moriarty-tls-oldversions-diediedie
>
> Abstract:
> This document [if approved] formally deprecates Transport Layer
> Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves
> these documents to the historic state. These versions lack support
> for current and recommended cipher suites, and various government and
> industry profiles of applications using TLS now mandate avoiding
> these old TLS versions. TLSv1.2 has been the recommended version for
> IETF protocols since 2008, providing sufficient time to transition
> away from older versions. Products having to support older versions
> increase the attack surface unnecessarily and increase opportunities
> for misconfigurations. Supporting these older versions also requires
> additional effort for library and product maintenance.
>
> This document updates the backward compatibility sections of TLS RFCs
> [[list TBD]] to prohibit fallback to TLSv1.0 and TLSv1.1. This
> document also updates RFC 7525.
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> The IETF Secretariat
>
>
> --
>
> Best regards,
> Kathleen
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
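An added example, not from the thread or the draft, of the two things the message asks service owners to do: tally the TLS version negotiated per connection from (constructed) web-server log lines so a service can report its own pre-1.2 share the way the Firefox telemetry figure does, and build a Python `ssl` server context whose floor is TLS 1.2 so no fallback to 1.0 or 1.1 is possible. The log layout (protocol as the last field, as an nginx `$ssl_protocol` log_format would write it) and the sample addresses are assumptions.

```python
import re
import ssl
from collections import Counter

# Constructed access-log sample (not real traffic). Each line ends with the
# protocol the server negotiated; "-" marks a plaintext (non-TLS) request.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Jul/2018:09:40:01 +0000] "GET / HTTP/1.1" 200 TLSv1.2
203.0.113.11 - - [09/Jul/2018:09:40:02 +0000] "GET /a HTTP/1.1" 200 TLSv1.3
203.0.113.12 - - [09/Jul/2018:09:40:03 +0000] "GET /b HTTP/1.1" 200 TLSv1
203.0.113.13 - - [09/Jul/2018:09:40:04 +0000] "GET /c HTTP/1.1" 200 TLSv1.2
203.0.113.14 - - [09/Jul/2018:09:40:05 +0000] "GET /d HTTP/1.1" 200 TLSv1.1
203.0.113.15 - - [09/Jul/2018:09:40:06 +0000] "GET /e HTTP/1.1" 200 -
203.0.113.16 - - [09/Jul/2018:09:40:07 +0000] "GET /f HTTP/1.1" 200 TLSv1.2
203.0.113.17 - - [09/Jul/2018:09:40:08 +0000] "GET /g HTTP/1.1" 200 TLSv1.3
203.0.113.18 - - [09/Jul/2018:09:40:09 +0000] "GET /h HTTP/1.1" 200 TLSv1.2
"""

DEPRECATED = {"TLSv1", "TLSv1.1"}          # versions the draft moves to Historic
PROTO_RE = re.compile(r"\s(TLSv1(?:\.[123])?|-)\s*$")  # last field of a line


def version_share(log_text):
    """Return (per-version counts, fraction of TLS connections below 1.2).

    Plaintext lines ("-") are counted but left out of the denominator, so
    the share describes TLS connections only; an empty log yields 0.0.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = PROTO_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    tls_total = sum(n for v, n in counts.items() if v != "-")
    old = sum(counts[v] for v in DEPRECATED)
    return counts, (old / tls_total if tls_total else 0.0)


def tls12_only_context():
    """Server context that will not negotiate anything below TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # the floor the draft mandates
    return ctx


def allows_deprecated(ctx):
    """True if the context's configured floor still admits TLS 1.0 or 1.1."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    counts, share = version_share(SAMPLE_LOG)
    print(dict(counts), f"pre-1.2 share of TLS connections: {share:.0%}")
    print("floor admits 1.0/1.1:", allows_deprecated(tls12_only_context()))
```

Run against a real access log, the first function gives the number Kathleen asks for; the second is the server-side setting that makes the fallback the draft prohibits impossible regardless of what a client offers.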