Deprecating TLSv1.0 and TLSv1.1
draft-ietf-tls-oldversions-deprecate-12

Document Type Active Internet-Draft (tls WG)
Authors Kathleen Moriarty  , Stephen Farrell 
Last updated 2021-03-02 (latest revision 2021-01-21)
Replaces draft-moriarty-tls-oldversions-diediedie
Stream IETF
Intended RFC status Best Current Practice
Formats plain text xml pdf htmlized (tools) htmlized bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd Sean Turner
Shepherd write-up Show (last changed 2020-12-29)
IESG IESG state RFC Ed Queue
Action Holders
(None)
Consensus Boilerplate Yes
Telechat date
Responsible AD Benjamin Kaduk
Send notices to Sean Turner <sean@sn3rd.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
IANA IANA review state IANA OK - No Actions Needed
IANA action state No IANA Actions
RFC Editor RFC Editor state AUTH48
Details
Internet Engineering Task Force                              K. Moriarty
Internet-Draft                                                  Dell EMC
Obsoletes: 5469 7507 (if approved)                            S. Farrell
Updates: 8422 8261 7568 7562 7525 7465            Trinity College Dublin
         7030 6750 6749 6739 6460 6614                  January 21, 2021
         6367 6353 6347 6176 6084 6083
         6042 6012 5953 5878 5734 5456
         5422 5415 5364 5281 5263 5238
         5216 5158 5091 5054 5049 5024
         5023 5019 5018 4992 4976 4975
         4964 4851 4823 4791 4785 4744
         4743 4732 4712 4681 4680 4642
         4616 4582 4540 4531 4513 4497
         4279 4261 4235 4217 4168 4162
         4111 4097 3983 3943 3903 3887
         3871 3856 3767 3749 3656 3568
         3552 3501 3470 3436 3329 3261
         (if approved)
Intended status: Best Current Practice
Expires: July 25, 2021

                    Deprecating TLSv1.0 and TLSv1.1
                draft-ietf-tls-oldversions-deprecate-12

Abstract

   This document, if approved, formally deprecates Transport Layer
   Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
   Accordingly, those documents (will be moved|have been moved) to
   Historic status.  These versions lack support for current and
   recommended cryptographic algorithms and mechanisms, and various
   government and industry profiles of applications using TLS now
   mandate avoiding these old TLS versions.  TLSv1.2 became the
   recommended version for IETF protocols in 2008, (subsequently being
   obsoleted by TLSv1.3 in 2018), providing sufficient time to
   transition away from older versions.  Removing support for older
   versions from implementations reduces the attack surface, reduces
   opportunity for misconfiguration, and streamlines library and product
   maintenance.

   This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC
   4347), but not DTLS version 1.2, and there is no DTLS version 1.1.

   This document updates many RFCs that normatively refer to TLSv1.0 or
   TLSv1.1 as described herein.  This document also updates the best
   practices for TLS usage in RFC 7525 and hence is part of BCP 195.

Moriarty & Farrell        Expires July 25, 2021                 [Page 1]
Internet-Draft       Deprecating TLSv1.0 and TLSv1.1        January 2021

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 25, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  RFCs Updated  . . . . . . . . . . . . . . . . . . . . . .   3
     1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   5
   2.  Support for Deprecation . . . . . . . . . . . . . . . . . . .   5
   3.  SHA-1 Usage Problematic in TLSv1.0 and TLSv1.1  . . . . . . .   6
   4.  Do Not Use TLSv1.0  . . . . . . . . . . . . . . . . . . . . .   6
   5.  Do Not Use TLSv1.1  . . . . . . . . . . . . . . . . . . . . .   7
   6.  Updates to RFC 7525 . . . . . . . . . . . . . . . . . . . . .   8
   7.  Operational Considerations  . . . . . . . . . . . . . . . . .   8
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   9
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     11.1.  Normative References . . . . . . . . . . . . . . . . . .   9

Moriarty & Farrell        Expires July 25, 2021                 [Page 2]
Internet-Draft       Deprecating TLSv1.0 and TLSv1.1        January 2021

     11.2.  Informative References . . . . . . . . . . . . . . . . .  18
Show full document text