On Fri, Mar 03, 2023 at 08:17:55PM +0200, Nimrod Aviram wrote:

> Specifically, we will have to decide when/if to deprecate version 1.2 of
> TLS within, say, the next 20 years.

20 years is a long time.  We can only reason about shorter timelines.
In the next ~5 years, I don't yet see a defensible reason to deprecate
TLS 1.2.

There are still to this day supported LTS enterprise operating systems
that support only TLS 1.2.  Yes, they're nearing EOL, but are not there
yet.

Also, TLS 1.3 is not a simple evolutionary update, it is a major new
protocol, be it one that largely manages to masquerade as TLS 1.2 to
middleboxes, and supports version negotiation with TLS 1.2 peers.

Migration to TLS 1.3 is not always straightforward, and, especially in
terms of resumption behaviour, troubleshooting (largely encrypted
handshakes) and maturity of supporting software in specialised
application sectors, TLS 1.3 is still too young to talk about imminent
deprecation of TLS 1.2.

Yes, once TLS 1.3 is closer to 20 years old, we'll know whether TLS 1.2
can or should be retired, but until such time, TLS 1.2 is likely to
still be with us (embedded in home routers, printers, refrigerators,
...).

Even among (presumably security minded) SMTP server operators who've
deployed DANE, ~10% negotiate TLS 1.2.  The numbers are likely higher in
the broader SMTP ecosystem.  DANE survey SMTP endpoint counts by TLS
version:

      27,985 -  TLS 1.3
       2,927 -  TLS 1.2
           5 -  TLS 1.0

-- 
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls