Deprecating TLS 1.0 and TLS 1.1
draft-ietf-tls-oldversions-deprecate-12

Yes

Erik Kline
Murray Kucherawy
Warren Kumari
(Alissa Cooper)
(Deborah Brungard)
(Martin Duke)

No Objection

(Alvaro Retana)
(Martin Vigoureux)

Note: This ballot was opened for revision 11 and is now closed.

Erik Kline
Yes
Murray Kucherawy
Yes
Roman Danyliw
Yes
Comment (2021-01-19 for -11) Not sent
Thank you for the effort to comprehensively modernize the TLS guidance.

Thank you to Adam Montville for the SECDIR review.
Warren Kumari
Yes
Éric Vyncke
Yes
Comment (2021-01-19 for -11) Sent
Thank you for the work put into this document. 

Special thanks to the shepherd, Sean Turner, who did a great job describing the WG consensus. Rob Wilton's point about minimum version is also important and should be addressed in the abstract (even if the text is clearer in section 1).

Please find below some nits.

I hope that this helps to improve the document,

Regards,

-éric

-- Abstract --
"This document, if approved, formally deprecates Transport Layer" => should ", if approved," be removed now from the abstract? The RFC Editor will probably do it though.

-- Section 1 --
"deprecate these old versions." Should the "these old versions" be followed by the enumeration?
Alissa Cooper Former IESG member
Yes
Yes (for -11) Not sent
Barry Leiba Former IESG member
Yes
Yes (2021-01-19 for -11) Sent
I think this is the first time I’ve reviewed a document where the “References” section is longer than the rest of the document combined.

Just a couple of nits:

— Section 1.1 —

   Fallback to these versions are prohibited
   through this update.

Fallback “is” prohibited (not “are”).

— Section 6 —

   This documents updates [RFC7525] Section 3.1.1

“document”, singular.
Benjamin Kaduk Former IESG member
Yes
Yes (2021-01-08 for -11) Not sent
The replacement of (e.g.) "TLS 1.0" with "TLSv1.0" affected the quote from the NIST document,
which brings in slightly more divergence from the referenced material.
Deborah Brungard Former IESG member
Yes
Yes (for -11) Not sent
Martin Duke Former IESG member
Yes
Yes (for -11) Not sent
Alvaro Retana Former IESG member
No Objection
No Objection (for -11) Not sent
Martin Vigoureux Former IESG member
No Objection
No Objection (for -11) Not sent
Robert Wilton Former IESG member
No Objection
No Objection (2021-01-12 for -11) Sent
Thank you for purging the old versions of TLS.

There is one sentence in the abstract that I found surprising (if it is right).

The abstract states: "TLSv1.2 has been the
   recommended version for IETF protocols since 2008, providing
   sufficient time to transition away from older versions."

Should this be "minimum recommended version"?  Otherwise, I don't understand why the recommended version of TLS is 1.2 rather than 1.3 (given that the TLS 1.2 RFC is marked as obsolete).