On Fri, Mar 03, 2023 at 08:17:55PM +0200, Nimrod Aviram wrote:
> Specifically, we will have to decide when/if to deprecate version 1.2 of
> TLS within, say, the next 20 years.

20 years is a long time. We can only reason about shorter timelines.

In the next ~5 years, I don't yet see a defensible reason to deprecate
TLS 1.2. There are still to this day supported LTS enterprise operating
systems that support only TLS 1.2. Yes, they're nearing EOL, but are not
there yet.

Also, TLS 1.3 is not a simple evolutionary update, it is a major new
protocol, be it one that largely manages to masquerade as TLS 1.2 to
middleboxes, and supports version negotiation with TLS 1.2 peers.
Migration to TLS 1.3 is not always straightforward, and, especially in
terms of resumption behaviour, troubleshooting (largely encrypted
handshakes) and maturity of supporting software in specialised
application sectors, TLS 1.3 is still too young to talk about imminent
deprecation of TLS 1.2.

Yes, once TLS 1.3 is closer to 20 years old, we'll know whether TLS 1.2
can or should be retired, but until such time, TLS 1.2 is likely to still
be with us (embedded in home routers, printers, refrigerators, ...).

Even among (presumably security minded) SMTP server operators who've
deployed DANE, ~10% negotiate TLS 1.2. The numbers are likely higher in
the broader SMTP ecosystem.

DANE survey SMTP endpoint counts by TLS version:

  27,985 - TLS 1.3
   2,927 - TLS 1.2
       5 - TLS 1.0

-- 
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls