I think the term telecom is as obsolete as TLS 1.2 :) Mobile network are all IP, and voice communication is to a large degree provided by Internet companies. 3GPP operates in generations every 10 years (2G, 3G, 4G, 5G, 6G), half generations every 5 years (GPRS, HSPA, 4G LTE Advanced), as well as releases every 1-2 years. I think the cellular industry has been one of the quickest adopters of TLS 1.3:
- 3GPP Rel-15 (2018) mandated support of TLS 1.3 for all network nodes for all uses of TLS (3GPP standards and products have quite many uses of (D)TLS). 5G core networks rely on TLS 1.3 and HTTPS for the new SBA zero-trust architecture. - 3GPP Rel-16 (2020) mandated support of TLS 1.3 for all UEs (mobile phones and IoT devices) as well as EAP-TLS 1.3 (if EAP-TLS is supported). - 3GPP Rel-17 (2021) has an approved work item to mandate support of DTLS 1.3 but due to it not being published as an RFC yet, that is likely to happen in Rel-18 (2023) instead. In the dark ages of SSL 3.0, TLS 1.0, TLS 1.1, etc. it seems to have been considered acceptable to continue using obsolete versions of security protocols like TLS. I’m happy that NIST agrees that this is not acceptable anymore. Industries should have started with the TLS 1.3 transition many years ago, right now industries should start thinking about when support of TLS 1.2 can be turned off (which is likely not before 2030-ish). Cheers, John From: Salz, Rich <rs...@akamai.com> Date: Thursday, 4 November 2021 at 15:02 To: Hannes Tschofenig <hannes.tschofe...@arm.com>, John Mattsson <john.matts...@ericsson.com>, IETF TLS <tls@ietf.org> Subject: Re: [TLS] Flags Extension: why only for TLS 1.3? I am amused to see a telecom person saying obsolete when it’s only 2-3 years old. In my discussions I’ve found that they think in terms of at least 10 years. ☺
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
