On Mon, Jul 9, 2018 at 7:42 PM Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote: > Stephen and I posted the draft below to see if the TLS working group > is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has > been a recent drop off in usage for web applications due to the PCI > Council recommendation to move off TLSv1.0, with a recommendation to > go to TLSv1.2 by June 30th.
Err, sorry, but – to make it one hundred per cent correct – it seems like PCI SSC has just deprecated TLS v1.0 _only_. "Migrating from SSL and Early TLS", version 1.1: "The best response is to disable SSL entirely and migrate to a more modern encryption protocol, which at the time of publication is a minimum of TLS v1.1" https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf draft-moriarty-diediedie also mentions PCI SSC requirements. Do I get anything wrong here? _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
