On Wed, Aug 05, 2020 at 10:30:39AM +0000, tom petch wrote:
> From: TLS <tls-boun...@ietf.org> on behalf of Christopher Wood
> <c...@heapingbits.net>
> Sent: 04 August 2020 19:16
>
> The official minutes are now up:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_minutes-2D108-2Dtls_&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=bJwecPEDnXCm7Huw2ovjHwHyzCjhyu2kGMG-qijduH0&s=ksaUzUpfyd4LFplcfnjfXdGBN-jTrMiqS2Z1vk_Iftw&e=
>
> <tp>
> What is Benjamin talking about at the end?
>
> It looks as if you are proposing action on all or some RFCs that have TLS 1.0
> or 1.1 as MTI, related to oldversions-deprecate but that is a guess from
> reading between the lines and that topic is a live one for me so I would
> appreciate clarity.

oldversions-deprecate is already taking action on all RFCs that have TLS 1.0
or 1.1 as MTI (there are some 80-odd documents in the Updates: header). The
particular items I was mentioning in the meeting relate to various subsets of
those documents that may need some additional handling on top of the basic
"don't use TLS 1.0/1.1; use 1.2 and 1.3 instead" that is currently the content
of the updates. Details are at
https://mailarchive.ietf.org/arch/msg/tls/K9_uA6m0dD_oQCw-5kAbha-Kq5M/

So:

- RFC 5469 defines DES and IDEA ciphers that are not in TLS 1.2; the document
  as a whole should be historic
- The downgrade-detection SCSV of RFC 7507 is probably in a similar boat
- We should be more clear about "if the document being updated says you MUST
  use TLS 1.0/1.1, that part is removed"
- No change proposed w.r.t. MTI ciphers (even though the old MTI ciphers are
  no longer considered very good)

Were there additional specific items you were unsure about?

-Ben