Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-30 Thread Ben Smyth
I haven't followed all the nuances of this discussion, but it seems to boil down to use of "MUST NOT" when certain "EXCEPTIONS MAY" exist for private enterprise running legacy kit, which makes decision makers anxious, since they don't want responsibility for something they "MUST NOT" do: A

Re: [TLS] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-30 Thread Viktor Dukhovni
On Mon, Nov 30, 2020 at 07:40:34PM -0500, Keith Moore wrote: > I've been thinking something like this also.  But IMO there are still > valid cases for negotiating older versions of TLS on the public > Internet, such as the mail relaying case mentioned earlier.  So far I > haven't thought of

Re: [TLS] TLS@IETF109: Confirming draft-ietf-tls-certificate-compression reference swap

2020-11-30 Thread Sean Turner
All, Hearing no objections, we will inform the RFC editor of the proposed reference swap. spt > On Nov 18, 2020, at 00:11, Sean Turner wrote: > > All, > > During the TLS@IETF109 session, I noted that publication of > draft-ietf-tls-certificate-compression will be delayed until a late

Re: [TLS] Call for adoption of draft-vvv-tls-cross-sni-resumption

2020-11-30 Thread Joseph Salowey
At this point we do not have many responses and it is not clear if there is consensus to adopt the draft. Given that this call has overlapped with vacation time we are going to extend the call until December 11, 2020. Please indicate if you are willing to be a reviewer for the draft. Thanks,

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-30 Thread Stephen Farrell
Hiya, On 01/12/2020 00:29, Peter Gutmann wrote: However I think your comment points out the overall problem: usage in web, mail and OSes This means there's no consideration at all of use in embedded/SCADA/whatever. I wouldn't agree with "no consideration" but guess we might agree about

Re: [TLS] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-30 Thread Keith Moore
On 11/30/20 7:29 PM, Peter Gutmann wrote: So I think the text should include wording to the effect that it applies to public Internet use but not to embedded/SCADA/etc for which very different considerations apply. I've been thinking something like this also.  But IMO there are still valid

Re: [TLS] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-30 Thread Peter Gutmann
Stephen Farrell writes: >In earlier iterations of the draft we included some survey results for TLS >version usage in web, mail and OSes. I think your argument to special-case >embedded systems or systems without s/w update would be a lot stronger if you >or someone else had data to offer about

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-30 Thread Peter Gutmann
Nick Lamb writes: >You won't get such a certificate from a public CA (presumably meaning a CA >issuing in the Web PKI). Well, you're less likely to now thanks to CT. Before that public CAs issued huge numbers of them, including EV certs. >They're subject to the CA/B Baseline Requirements

Re: [TLS] Opsdir last call review of draft-ietf-tls-oldversions-deprecate-09

2020-11-30 Thread Kathleen Moriarty
Thank you for your review, Nagendra and finding several nits. We'll correct them. Best regards, Kathleen On Mon, Nov 30, 2020 at 4:21 PM Nagendra Nainar via Datatracker < nore...@ietf.org> wrote: > Reviewer: Nagendra Nainar > Review result: Ready > > Hi, > > I have reviewed this document as

[TLS] Opsdir last call review of draft-ietf-tls-oldversions-deprecate-09

2020-11-30 Thread Nagendra Nainar via Datatracker
Reviewer: Nagendra Nainar Review result: Ready Hi, I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts

Re: [TLS] Missing updates in our RFCS? - what does update mean (modified topic)

2020-11-30 Thread Olle E. Johansson
> On 30 Nov 2020, at 15:07, Eric Rescorla wrote: > > > > On Mon, Nov 30, 2020 at 5:12 AM Olle E. Johansson > wrote: > > >> On 30 Nov 2020, at 14:08, Eric Rescorla > > wrote: >> >> >> >> On Sun, Nov 29, 2020 at 10:36 PM Olle E. Johansson >

Re: [TLS] Missing updates in our RFCS? - what does update mean (modified topic)

2020-11-30 Thread Eric Rescorla
On Mon, Nov 30, 2020 at 5:12 AM Olle E. Johansson wrote: > > > On 30 Nov 2020, at 14:08, Eric Rescorla wrote: > > > > On Sun, Nov 29, 2020 at 10:36 PM Olle E. Johansson wrote: > >> >> >> > On 30 Nov 2020, at 01:51, Watson Ladd wrote: >> > >> > Dear TLS WG, >> > >> > I think RFC 7627 should

Re: [TLS] Missing updates in our RFCS? - what does update mean (modified topic)

2020-11-30 Thread Marc Petit-Huguenin
On 11/30/20 5:43 AM, Olle E. Johansson wrote: On 30 Nov 2020, at 14:35, Marc Petit-Huguenin wrote: On 11/30/20 5:12 AM, Olle E. Johansson wrote: On 30 Nov 2020, at 14:08, Eric Rescorla wrote: On Sun, Nov 29, 2020 at 10:36 PM Olle E. Johansson wrote: On 30

Re: [TLS] Missing updates in our RFCS? - what does update mean (modified topic)

2020-11-30 Thread Olle E. Johansson
> On 30 Nov 2020, at 14:35, Marc Petit-Huguenin wrote: > > On 11/30/20 5:12 AM, Olle E. Johansson wrote: >>> On 30 Nov 2020, at 14:08, Eric Rescorla wrote: >>> >>> >>> >>> On Sun, Nov 29, 2020 at 10:36 PM Olle E. Johansson >> > wrote: >>> >>> On 30 Nov 2020,

Re: [TLS] Missing updates in our RFCS? - what does update mean (modified topic)

2020-11-30 Thread Marc Petit-Huguenin
On 11/30/20 5:12 AM, Olle E. Johansson wrote: On 30 Nov 2020, at 14:08, Eric Rescorla wrote: On Sun, Nov 29, 2020 at 10:36 PM Olle E. Johansson wrote: On 30 Nov 2020, at 01:51, Watson Ladd wrote: Dear TLS WG, I think RFC 7627

Re: [TLS] Missing updates in our RFCS? - what does update mean (modified topic)

2020-11-30 Thread Olle E. Johansson
> On 30 Nov 2020, at 14:08, Eric Rescorla wrote: > > > > On Sun, Nov 29, 2020 at 10:36 PM Olle E. Johansson > wrote: > > > > On 30 Nov 2020, at 01:51, Watson Ladd > > wrote: > > > > Dear TLS WG, > > > > I think RFC 7627 should

Re: [TLS] Missing updates in our RFCS? - what does update mean (modified topic)

2020-11-30 Thread Eric Rescorla
On Sun, Nov 29, 2020 at 10:36 PM Olle E. Johansson wrote: > > > > On 30 Nov 2020, at 01:51, Watson Ladd wrote: > > > > Dear TLS WG, > > > > I think RFC 7627 should update 5056, 5705, and maybe a few more. > > > > I noticed these omissions when looking at the kitten draft to use TLS > > 1.3