> Saying that it's your preference without saying why is likely
> to have little effect, yes.  (We endeavor to make decisions
> based on technical merit, not voting, after all.)  Why do you
> want this?

Hi,

I think the advice should be: "If your code currently
only supports TLS 1.0, please spend a week or two
adding support for both TLS 1.1 and the downgrade
protection SCSV."

Since the vast majority of the 1.0 and 1.1 specifications
is the same, someone who takes the advice has a
good chance of succeeding.

(You could then also say which other extensions are
important and why, roughly in order of importance.)

Recommending that people wholesale abandon
their legacy system and implement TLS (1.2 and)
1.3 is asking too much, and will largely be ignored
by the people who would be able to add 1.1 to their
1.0 code.

I understand that we don't vote here.

Mike


On Tue, Oct 13, 2020, at 15:15, Benjamin Kaduk wrote:
> Hi Mike,
> 
> On Tue, Oct 13, 2020 at 03:09:15PM -0400, Michael D'Errico wrote:
> > I know that saying this will have no effect, but I'd
> > rather see deprecation of just TLS 1.0 and retain
> > version 1.1 as not recommended.
> 
> Saying that it's your preference without saying why is likely to have
> little effect, yes.  (We endeavor to make decisions based on technical
> merit, not voting, after all.)  Why do you want this?  TLS 1.1 seems to
> have minimal usage (less even than 1.0) and is much closer to 1.0 than 1.2
> (let alone 1.3) in terms of design and safety.
> 
> > Also, we should not abandon RFC 7507 (downgrade
> > protection SCSV).  What harm is there in keeping it
> > around?  None.
> 
> I don't expect implementations to abandon SCSV any faster than they abandon
> TLS 1.0 or 1.1.  But if the official advice is that 1.0 and 1.1 are
> obsolete, then the official advice should also be that SCSV is obsolete --
> its function is performed in a different way by the newer versions of TLS.
> 
> -Ben
>

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
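The two downgrade-protection mechanisms the thread contrasts, as an added example that is not part of the exchange above and not code from either participant: the RFC 7507 TLS_FALLBACK_SCSV check a server performs on a ClientHello (what Mike suggests adding to a 1.0-only stack), and the RFC 8446 section 4.1.3 ServerHello.random sentinel that TLS 1.3 uses instead (what Ben means by its function being "performed in a different way"). The ClientHello builder and parser, the function names and the sample hello bytes are all my own constructions; the parser deliberately ignores extensions, so the SCSV check is written for a pre-1.3 server, which is the case Mike is describing.

```python
"""Added example: the two downgrade-protection mechanisms discussed above.

- RFC 7507: a client that retries with a lower version includes the
  TLS_FALLBACK_SCSV pseudo cipher suite; a server that supports a higher
  version than the one offered aborts with inappropriate_fallback.
- RFC 8446 section 4.1.3: a TLS 1.3 (or 1.2) server that negotiates a
  lower version marks the last 8 bytes of ServerHello.random, and the
  client aborts with illegal_parameter if it sees the mark.
"""
import os
import struct

TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
TLS_FALLBACK_SCSV = 0x5600            # RFC 7507, section 2
ALERT_INAPPROPRIATE_FALLBACK = 86     # RFC 7507, section 2
ALERT_ILLEGAL_PARAMETER = 47          # RFC 8446, section 6.2
DOWNGRADE_TLS12 = bytes.fromhex("444F574E47524401")  # "DOWNGRD\x01"
DOWNGRADE_TLS11 = bytes.fromhex("444F574E47524400")  # "DOWNGRD\x00"


def build_client_hello(version, cipher_suites, random_bytes=None):
    """Serialise a minimal ClientHello body (RFC 5246 7.4.1.2) with no
    extensions; enough for the SCSV check below (constructed test input)."""
    rnd = random_bytes if random_bytes is not None else os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    return (struct.pack("!H", version) + rnd
            + b"\x00"                                   # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                              # compression: null only


def parse_client_hello(body):
    """Return (client_version, cipher_suites) from a ClientHello body.
    Bounds are checked before every read so a truncated hello raises
    rather than indexing past the buffer."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 34                                            # 2 version + 32 random
    pos += 1 + body[pos]                                # skip session_id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if suites_len % 2 or pos + suites_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos, pos + suites_len, 2)]
    return version, suites


def server_check_fallback(body, server_max_version):
    """RFC 7507 section 3, server side. Returns an alert code to send, or
    None to continue. Assumes a pre-1.3 server: a server that speaks 1.3
    must take the client's highest version from supported_versions
    (RFC 8446 section 4.2.1), not from legacy_version."""
    version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and version < server_max_version:
        return ALERT_INAPPROPRIATE_FALLBACK
    return None


def make_server_random(negotiated_version, server_max_version, random_bytes=None):
    """RFC 8446 section 4.1.3, server side: overwrite the last 8 bytes of
    ServerHello.random with the downgrade sentinel when negotiating below
    the server's own maximum (MUST for 1.3 servers, SHOULD for 1.2 servers)."""
    rnd = bytearray(random_bytes if random_bytes is not None else os.urandom(32))
    if server_max_version >= TLS13 and negotiated_version == TLS12:
        rnd[24:] = DOWNGRADE_TLS12
    elif server_max_version >= TLS12 and negotiated_version <= TLS11:
        rnd[24:] = DOWNGRADE_TLS11
    return bytes(rnd)


def client_check_downgrade(negotiated_version, server_random, client_max_version):
    """RFC 8446 section 4.1.3, client side. A 1.3 client that ends up at
    1.2 or below rejects either sentinel; a 1.2 client that ends up at
    1.1 or below rejects the second one."""
    tail = server_random[-8:]
    if client_max_version >= TLS13 and negotiated_version <= TLS12:
        if tail in (DOWNGRADE_TLS12, DOWNGRADE_TLS11):
            return ALERT_ILLEGAL_PARAMETER
    elif client_max_version == TLS12 and negotiated_version <= TLS11:
        if tail == DOWNGRADE_TLS11:
            return ALERT_ILLEGAL_PARAMETER
    return None


if __name__ == "__main__":
    # A 1.0-only client retrying after a failed 1.1 attempt, as RFC 7507 describes.
    hello = build_client_hello(TLS10, [0x002F, TLS_FALLBACK_SCSV])
    print("1.0-only server  :", server_check_fallback(hello, TLS10))   # None
    print("1.1 server       :", server_check_fallback(hello, TLS11))   # 86
    sr = make_server_random(TLS12, TLS13)
    print("1.3 client at 1.2:", client_check_downgrade(TLS12, sr, TLS13))  # 47
```

The SCSV check only helps when the server's maximum is above what the retrying client offers, which is why a 1.0-only server gains nothing from it on its own and why the two mechanisms can coexist in one implementation: a server that adds the 1.3 sentinel does not have to stop honouring the SCSV from older clients.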
