On 4/12/19 7:28 PM, Christopher Wood
wrote:
This is the working group last call for the "Deprecating TLSv1.0 and TLSv1.1” draft available at:https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ Please review the document and send your comments to the list by April 26, 2019. I think the document should be published. I agree with Martin Thomson's observation that the SP 800-52r2
quotes in Section 2 are a bit prolix considering the relatively
small content that would remain if excised, and that NIST document
has been in draft for a prolonged time (reducing its authority).
The quotes imply but do not demand disuse of TLS 1.0 and TLS 1.1,
and could inadvertently be interpreted to mean that use of TLS 1.2
rather than TLS 1.3 is sinful. An additional (congenial) informative reference could be BSI
TR-02102-2 found at https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/tr02102/index_htm.html which in §3.2 states "TLS 1.0 and TLS 1.1 are not recommended". Regards, Gary |
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls