I also believe that it's ready.

On Fri, Apr 26, 2019 at 5:49 AM Daniel Migault <daniel.miga...@ericsson.com> wrote:
>
> I believe the doc is fine as it is.
> Yours,
> Daniel
>
> On Thu, Apr 25, 2019 at 9:30 PM Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>>
>> > On Apr 12, 2019, at 7:28 PM, Christopher Wood <c...@heapingbits.net> wrote:
>> >
>> > This is the working group last call for the "Deprecating TLSv1.0 and
>> > TLSv1.1" draft available at:
>> >
>> > https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
>> >
>> > Please review the document and send your comments to the list by April 26,
>> > 2019.
>>
>> My concern is whether the time is yet nigh for TLS 1.0 to be disabled
>> in opportunistic TLS in SMTP, or whether TLS 1.0 remains sufficiently
>> common to cause deprecation to do more harm than good via unnecessary
>> downgrades to cleartext.
>>
>> I don't have survey numbers for SMTP TLS protocol versions across MTAs
>> generally to shed light on this, perhaps someone does. What I do have
>> is numbers for those MTAs (not a representative sample) that have DANE
>> TLSA records (so presumably a greater focus on security).
>>
>> The observed version frequencies are approximately:
>>
>>     TLS 1.0:  1%
>>     TLS 1.1:  0%
>>     TLS 1.2: 87%
>>     TLS 1.3: 12%
>>
>> essentially regardless of whether I deduplicate by name, IP or name and IP.
>> The respective sample sizes are 5435, 6938 and 7959.
>>
>> So if a DANE-enabled sender were to disable TLS 1.0 today, approximately
>> 1% of the destination MX hosts would be broken and need remediation. These
>> handle just of 189 mostly small SOHO domains out of the ~1.1 million total
>> DANE SMTP domains, but four handle enough email to show up on the Gmail
>> SMTP transparency report:
>>
>>     tu-darmstadt.de
>>     t-2.net
>>     t-2.com
>>     t-2.si
>>
>> So on the whole, the draft should proceed, but some caution may be
>> appropriate outside the browser space, before operators start switching
>> off TLS 1.0 support.
>>
>> I don't see an operational considerations section. Nor much discussion of
>> "less mainstream" (than Web browser) TLS application protocols. Would a few
>> words of caution be appropriate, or is it expected that by the time the RFC
>> starts to change operator behaviour the "market share" of TLS 1.0 will be
>> substantially lower than I see today even with SMTP, XMPP, NNTP and the like.
>>
>> [ I would speculate that TLS 1.0's share is noticeably higher among MTAs
>> generally than among the bleeding-edge MTAs that have published DANE TLSA
>> RRs. ]
>>
>> --
>> Viktor.
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
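The tally Viktor describes (share of each negotiated TLS version across MX hosts, deduplicated by name, by IP, or by name and IP, and the set of hosts a sender would break by refusing TLS 1.0/1.1) is easy to reproduce over a survey file. The script below is an added example written for this page, not code from the thread or from any of its authors. The survey records are constructed sample data, so the percentages it produces are illustrative and do not match the figures in the message; the "first record seen wins" deduplication rule is an assumption.

```python
from collections import Counter

# Constructed sample survey records: (MX hostname, IP address, negotiated
# TLS version). Illustrative data only, not the figures from the message.
SAMPLE_OBSERVATIONS = [
    ("mx1.example.net", "192.0.2.10", "TLSv1.2"),
    ("mx1.example.net", "192.0.2.11", "TLSv1.2"),    # same name, second IP
    ("mx2.example.net", "192.0.2.10", "TLSv1.2"),    # same IP, different name
    ("old.example.org", "198.51.100.5", "TLSv1"),
    ("old.example.org", "198.51.100.5", "TLSv1"),    # exact duplicate probe
    ("new.example.org", "203.0.113.7", "TLSv1.3"),
    ("legacy.example.com", "203.0.113.9", "TLSv1.1"),
]

# Versions the draft deprecates; a sender with a TLS 1.2 floor will not
# negotiate these, so an MX that only offers them falls back to cleartext
# (opportunistic TLS) or fails outright (DANE-verified delivery).
DEPRECATED = {"TLSv1", "TLSv1.1"}


def dedup(observations, key):
    """Keep one record per key ('name', 'ip' or 'both'); first seen wins
    (assumed rule, the message does not say how ties were resolved)."""
    seen = {}
    for name, ip, version in observations:
        k = {"name": name, "ip": ip, "both": (name, ip)}[key]
        seen.setdefault(k, (name, ip, version))
    return list(seen.values())


def version_shares(observations, key):
    """Return (sample_size, {version: percent}) after deduplicating by key."""
    records = dedup(observations, key)
    total = len(records)
    counts = Counter(version for _, _, version in records)
    return total, {v: round(100.0 * c / total, 1) for v, c in counts.items()}


def hosts_broken_by_floor(observations, key="both"):
    """Deduplicated (name, ip) pairs whose best negotiated version is one the
    sender would refuse after disabling TLS 1.0/1.1: the remediation list."""
    return sorted(
        {(name, ip) for name, ip, version in dedup(observations, key)
         if version in DEPRECATED}
    )


if __name__ == "__main__":
    for key in ("name", "ip", "both"):
        size, shares = version_shares(SAMPLE_OBSERVATIONS, key)
        print(f"dedup by {key:<4} (n={size}):",
              ", ".join(f"{v} {p}%" for v, p in sorted(shares.items())))
    print("would break under a TLS 1.2 floor:",
          hosts_broken_by_floor(SAMPLE_OBSERVATIONS))
```

On this sample the three deduplication keys give different sample sizes (5, 5 and 6) but the same hosts on the remediation list, which is the operational question: before raising the floor, an operator wants that list, not just the headline percentage.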