Hi Gary, Thanks for your review and support. I'll respond inline and if Stephen disagrees, he will chime in :-)
On Wed, Apr 24, 2019 at 9:51 AM Gary Gapinski <gary= 40garygapinski....@dmarc.ietf.org> wrote: > On 4/12/19 7:28 PM, Christopher Wood wrote: > > This is the working group last call for the "Deprecating TLSv1.0 and TLSv1.1” > draft available at: > > https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ > > Please review the document and send your comments to the list by April 26, > 2019. > > I think the document should be published. > > I agree with Martin Thomson's observation that the SP 800-52r2 quotes in > Section 2 are a bit prolix considering the relatively small content that > would remain if excised, and that NIST document has been in draft for a > prolonged time (reducing its authority). The quotes imply but do not demand > disuse of TLS 1.0 and TLS 1.1, and could inadvertently be interpreted to > mean that use of TLS 1.2 rather than TLS 1.3 is sinful. > I had interpreted Martin's comment's a little differently and cut out other text. Hmm, for the NIST quotes, I see this as providing the supporting reasons and their recommendations not being the same as the recommendations in this draft. I think by the updated text Marten suggested on "updates", this point is addressed, but please let us know if you feel otherwise. > An additional (congenial) informative reference could be BSI TR-02102-2 > found at > > > https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/tr02102/index_htm.html > > which in §3.2 states "TLS 1.0 and TLS 1.1 are *not recommended*". > Thank you for the reference, it's probably bets to have a couple of sources here. I included the following text with the pdf reference included in the working copy: The German Federal Office for Information Security, recommends against use of TLS versions less than 1.2 in the publication <xref target="TR-02102-2" >Cryptographic Mechanisms: Recommendations and Key Lengths</xref> Best regards, Kathleen > Regards, > > Gary > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > -- Best regards, Kathleen
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls