Deprecating TLSv1.0 and TLSv1.1
draft-ietf-tls-oldversions-deprecate-02

Document Type Active Internet-Draft (tls WG)
Last updated 2019-03-09
Replaces draft-moriarty-tls-oldversions-diediedie
Stream IETF
Intended RFC status (None)
Formats plain text xml pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Engineering Task Force                              K. Moriarty
Internet-Draft                                                  Dell EMC
Updates: 8465 8422 7568 7562 7525 7507                        S. Farrell
         7465 7030 6750 6749 6739 6460            Trinity College Dublin
         6084 6083 6367 6347 6176 6042                     March 9, 2019
         6012 5878 5734 5469 5456 5422
         5415 5364 5281 5263 5238 5216
         5158 5091 5054 5049 5024 5023
         5019 5018 4992 4976 4975 4964
         4851 4823 4791 4785 4744 4743
         4732 4712 4681 4680 4642 4616
         4582 4540 4531 4513 4497 4279
         4261 4235 4217 4168 4162 4111
         4097 3983 3943 3903 3887 3871
         3856 3767 3749 3656 3568 3552
         3501 3470 3436 3329 3261 (if
         approved)
Intended status: Best Current Practice
Expires: September 10, 2019

                    Deprecating TLSv1.0 and TLSv1.1
                draft-ietf-tls-oldversions-deprecate-02

Abstract

   This document, if approved, formally deprecates Transport Layer
   Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves
   these documents to the historic state.  These versions lack support
   for current and recommended cipher suites, and various government and
   industry profiles of applications using TLS now mandate avoiding
   these old TLS versions.  TLSv1.2 has been the recommended version for
   IETF protocols since 2008, providing sufficient time to transition
   away from older versions.  Products having to support older versions
   increase the attack surface unnecessarily and increase opportunities
   for misconfigurations.  Supporting these older versions also requires
   additional effort for library and product maintenance.

   This document also deprecates Datagram TLS (DTLS) version 1.0
   [RFC6347] (but not DTLS version 1.2, and there is no DTLS version
   1.1).

   This document updates many RFCs that normatively refer to TLSv1.0 or
   TLSv1.1 as described herein.  This document also updates RFC 7525 and
   hence is part of BCP195.

Moriarty & Farrell     Expires September 10, 2019               [Page 1]
Internet-Draft       Deprecating TLSv1.0 and TLSv1.1          March 2019

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 10, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  RFCs Updated  . . . . . . . . . . . . . . . . . . . . . .   4
     1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Support for Deprecation . . . . . . . . . . . . . . . . . . .   4
   3.  SHA-1 . . . . . . . . . . . . . . . . . . . . . . . . . . . .   6
   4.  Do Not Use TLSv1.0  . . . . . . . . . . . . . . . . . . . . .   6
   5.  Do Not Use TLSv1.1  . . . . . . . . . . . . . . . . . . . . .   7
   6.  Updates to RFC7525  . . . . . . . . . . . . . . . . . . . . .   7
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   8
     10.2.  Informative References . . . . . . . . . . . . . . . . .  16

Moriarty & Farrell     Expires September 10, 2019               [Page 2]
Internet-Draft       Deprecating TLSv1.0 and TLSv1.1          March 2019

   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . .  21
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21
Show full document text