On Fri, Apr 26, 2019 at 5:29 PM Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> > On Apr 26, 2019, at 11:24 AM, Salz, Rich <rs...@akamai.com> wrote:
> >
> > If they haven’t already moved off TLS 1 then maybe this document will
> > give the right people a push to do so.
> >
> > Nobody is going to arrest an MTA for non compliance.
>
> Of course.
>
> And as I said, I'd like to see the document move forward, I just
> wanted to see whether there was any appetite for adding some
> operator guidance. It's not an issue of internet policing,
> rather it is a question of whether there should be advice for
> operators who are considering disabling the legacy protocols.
>
> The sound-bite version is: first raise the ceiling, *then* the floor.
>
> The advice would therefore be for everyone to first make sure that
> their systems support at least TLS 1.2, and not just the now deprecated
> versions. And then check whether the same holds true for their application
> ecosystem and if so disable the protocols at that time.
>
> In unauthenticated opportunistic TLS where cleartext is used when TLS
> handshakes fail, removing support for TLS 1.0 can reduce security in the
> short term (some messages needlessly going in cleartext). Yes, this may
> be what it takes to finally get the long tail procrastinators to upgrade.
>
> The operational question then boils down to timing: when is your
> application ecosystem ready to drop the training wheels.
>
> Anyway, it does not look like there's much interest in adding operational
> considerations, which users will then perhaps learn about elsewhere if
> need be. That's fine...
>

Thanks for your follow up assessment on this from the WG. It seems we are in agreement. I appreciate your review, consideration, and attention to deployment statistics for this move.

Best regards,
Kathleen

> --
>         Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

--

Best regards,
Kathleen
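The timing question raised in the quoted message ("first raise the ceiling, then the floor") can be answered from an MTA's own outbound logs. The sketch below is an added example, not part of the thread: it assumes Postfix-style "TLS connection established" log lines (the thread names no MTA), and the sample lines, host names and addresses are constructed.

```python
import re

# Constructed sample of outbound delivery log lines (Postfix-style format is an
# assumption; hosts and addresses are documentation placeholders).
SAMPLE_LOG = """\
Apr 26 10:00:01 mail postfix/smtp[101]: Untrusted TLS connection established to mx.a.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 26 10:00:07 mail postfix/smtp[102]: Untrusted TLS connection established to mx.b.example[192.0.2.11]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 26 10:01:15 mail postfix/smtp[103]: Untrusted TLS connection established to mx.c.example[192.0.2.12]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 26 10:02:30 mail postfix/smtp[104]: Untrusted TLS connection established to mx.d.example[192.0.2.13]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Apr 26 10:03:44 mail postfix/smtp[105]: Untrusted TLS connection established to mx.e.example[192.0.2.14]:25: TLSv1.1 with cipher AES256-SHA (256/256 bits)
Apr 26 11:20:09 mail postfix/smtp[106]: Untrusted TLS connection established to mx.b.example[192.0.2.11]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
"""

TLS_LINE = re.compile(
    r"TLS connection established to (?P<host>[^\[\s]+)\[[^\]]*\]:\d+: "
    r"(?P<ver>TLSv[\d.]+) with cipher"
)
ORDER = {"TLSv1": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}


def best_version_per_peer(log_text):
    """Highest TLS version each peer has negotiated with us in the log window."""
    best = {}
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if not m or m["ver"] not in ORDER:
            continue
        host, ver = m["host"], m["ver"]
        if host not in best or ORDER[ver] > ORDER[best[host]]:
            best[host] = ver
    return best


def floor_readiness(log_text, floor="TLSv1.2"):
    """Peers that would fail the handshake if `floor` became our minimum.

    Only meaningful once our own ceiling is raised: a peer's negotiated
    version shows its limit only if we already offer the newer versions.
    With opportunistic TLS, mail to the stranded peers falls back to cleartext.
    """
    best = best_version_per_peer(log_text)
    stranded = sorted(h for h, v in best.items() if ORDER[v] < ORDER[floor])
    share = len(stranded) / len(best) if best else 0.0
    return {"peers": len(best), "stranded": stranded, "stranded_share": share}


if __name__ == "__main__":
    print(floor_readiness(SAMPLE_LOG))
```

Peers that never negotiated TLS at all do not appear in these lines, so the share describes only the peers currently protected by a legacy version.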