On Tue, Jan 2, 2024 at 8:17 PM Benjamin Kaduk <bkaduk=40akamai....@dmarc.ietf.org> wrote:
> On Tue, Jan 02, 2024 at 07:17:44PM -0800, Eric Rescorla wrote:
> > On Tue, Jan 2, 2024 at 5:02 PM Rob Sayre <say...@gmail.com> wrote:
> >
> > > It might be better to describe TLS 1.2 as "overtaken by events". If you
> > > want to use CSS Grid or Swift UI (name any newish thing), you'll find
> > > yourself with a stack that supports TLS 1.3, so there's no need to
> > > bother with TLS 1.2 in those cases. Turning off TLS 1.2 is sometimes a
> > > good idea, because that traffic is composed of undesirable bots in many
> > > cases.
> > >
> > > I know people also work on things that are old, but it seems ok to call
> > > them really old, because that is true. No one seems to disagree with
> > > this point in the draft: "TLS 1.3 [TLS13] is also in widespread use and
> > > fixes most known deficiencies with TLS 1.2".
> > >
> > > If you think this draft is so strict that it will be ignored, you have
> > > nothing to worry about.
> >
> > The issue I am concerned about is that:
> > 1. Implementors who do not want to upgrade to TLS 1.3 will implement new
> >    cipher suites
> > 2. IANA will refuse to register the new cipher suites
> > With the result being potential code point collisions.
>
> I share this concern.

In the interest of clarity, I favor the WG declining to work on extending
TLS 1.2, so these cipher suites should be marked as Recommended=No. I'm just
concerned that closing the registries entirely will not have the best
results.

-Ekr

> -Ben
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls