Hiya,

On 08/03/2019 19:31, Julien ÉLIE wrote:
> Hi Stephen,
>>> That's why I suggest draft-ietf-tls-oldversions-deprecate does not
>>> update RFC 4642.  It is no longer useful.
>>> Are you OK with this analysis?
>>
>> Sorta:-) I think these are overlapping but not quite
>> identical updates. E.g. IIUC 8143 doesn't say to not
>> use TLSv1.1. I added the sentence below to the editor's
>> copy [1], but happy to do something else if I'm wrong,
>> which is entirely possible;-)
> 
> RFC 8143 (updating RFC 4642) states in Section 3:
> 
>    The best current practices documented in [BCP195] apply here.
>    Therefore, NNTP implementations and deployments compliant with this
>    document are REQUIRED to comply with [BCP195] as well.
> 
> And RFC 7525 (belonging to BCP 195) states in Section 3.1.1:
> 
>    o  Implementations SHOULD NOT negotiate TLS version 1.1
> [...]
>    o  Implementations MUST support TLS 1.2 [RFC5246] and MUST prefer to
>       negotiate TLS version 1.2 over earlier versions of TLS.
> 
> That's why I thought RFC 8143 was already requiring not to use TLS 1.1.

SHOULD NOT != MUST NOT though:-) And in any case, an additional
unnecessary update would be no harm in this case, so I figure it's
best to leave it as-is. (Unless I'm missing some reason why that
UPDATE would do damage, in which case, we should chat more.)

> Incidentally, in the Abstract of draft-ietf-tls-oldversions-deprecate,
> it is said that this document updates RFC 7525, but RFC 7525 does not
> appear in the Updates list.  Shouldn't it be added?

Yeah, I was wondering about that too;-)

A BCP can consist of >1 RFC (e.g. see BCP10 [1]). So this one can
become part of BCP195 without UPDATEing RFC7525 I think. However,
now that I actually look at BCP 10, it has two RFCs: 7437 and 8318.
And in that case 8318 does update 7437.

So, yes, I've added 7525 to the list of UPDATEd stuff in my copy [2]
and made a change of intended status to BCP. (I bet a beer we'll
change that again >1 time:-)

Cheers,
S.

[1] https://tools.ietf.org/html/bcp10
[2]
https://github.com/tlswg/oldversions-deprecate/blob/master/draft-ietf-tls-oldversions-deprecate.txt

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
