
Deprecation of TLS 1.1 for Email Submission and Access
draft-ietf-uta-tls-for-email-05

Yes

Roman Danyliw
(Alexey Melnikov)

No Objection

(Adam Roach)
(Alvaro Retana)
(Deborah Brungard)
(Magnus Westerlund)

Abstain


Note: This ballot was opened for revision 04 and is now closed.

Roman Danyliw
Yes
Éric Vyncke
No Objection
Comment (2020-02-07 for -04) Sent
Thank you for doing the laundry ;-) As requested by Barry, please use RFC 8714 boilerplate.

Regards

-éric
Alexey Melnikov Former IESG member
Yes
Yes (for -04) Unknown

                            
Barry Leiba Former IESG member
Yes
Yes (2020-02-19 for -04) Sent
Thanks for doing this.  While I don’t like this mechanism for making this update, I understand why, and accept it for this case.

— Section 2 —
Please use the current BCP 14 boilerplate from RFC 8174, and add a normative reference to that RFC.

— Section 3 —
The text “In Section 4.1, the text should be revised from:” should be removed from the third “OLD”, as none of the others have anything like that and it isn’t part of the old text.

 + + + + + + + + + + + + + + + + + + + +

The following are comments from Murray Kucherawy, incoming ART AD.  Murray is getting an early start on doing reviews, and I’m including his comments into my ballots during the overlap period before he’s officially an Area Director.

 - - - - - - - - - - - - - - - - - - - -

I concur with Radia's review.  I would actually prefer to see RFC8314 completely replaced by a new version.  It's pretty easy to get the XML for that RFC from the editor, do the search-and-replace, add a "Changes Since" section, reset acknowledgements as appropriate, update the draft's name and date, and send it up.  That's pretty much how I did RFC8478bis.  The tracker makes it easy to diff to the old version so it's clear only the expected changes are present.
Adam Roach Former IESG member
No Objection
No Objection (for -04) Not sent

                            
Alissa Cooper Former IESG member
No Objection
No Objection (2020-02-19 for -04) Sent
Please respond to the Gen-ART review.
Alvaro Retana Former IESG member
No Objection
No Objection (for -04) Not sent

                            
Deborah Brungard Former IESG member
No Objection
No Objection (for -04) Not sent

                            
Magnus Westerlund Former IESG member
No Objection
No Objection (for -04) Not sent

                            
Martin Vigoureux Former IESG member
No Objection
No Objection (2020-02-17 for -04) Sent
Hi

In the updates it proposes, this document seems to still allow for the use/support of 1.0 and 1.1 but draft-ietf-tls-oldversions-deprecate-06 says MUST NOT use for these.

I'm surely missing something obvious or I'm simply incorrectly interpreting the text, but shedding light on this would be greatly appreciated.

Thanks
-m
Mirja Kühlewind Former IESG member
No Objection
No Objection (2020-02-18 for -04) Sent
I don't think it would have been necessary for this document to use the OLD/NEW style update. Effectively, you've replaced all occurrences of "1.1" with "1.2" and one occurrence of "TLS 1.0" with "TLS 1.0 or TLS 1.1". I would think everybody who is smart enough to understand the content of the updated RFC should also be able to make this exchange in their head on their own. However, it's a short document no matter what, so probably not an issue one way or the other.
Suresh Krishnan Former IESG member
(was Discuss) No Objection
No Objection (2020-03-24) Sent
Thanks for addressing my DISCUSS point about legacy ClientHello handling in -05.
Benjamin Kaduk Former IESG member
Abstain
Abstain (2020-02-19 for -04) Sent
While I support the TLS version requirements changes that this document is making,
I seem to be failing to find the discussion/explanation of why this document is needed in
this format, as opposed to the changes being included as part of the updates in
draft-ietf-tls-oldversions-deprecate.


Also, I have some comments on the current text.

Didn't a late review comment to the last-call on the -03 suggest to have
the requirements here include "follow BCP 195" and get a positive
response from an author?  I don't see that change present in the -04.
(A similar change was suggested nearly a year ago for the -01, in
https://mailarchive.ietf.org/arch/msg/uta/6ZHi1RlE2CW3eLMub2HLXaiK8dY ,
but received no response.)

Section 2

Please use the normal BCP 14 boilerplate from RFC 8174.

Section 3

   OLD:

   In Section 4.1, the text should be revised from: "It is RECOMMENDED
   that new users be required to use TLS version 1.1 or greater from the
   start.  However, an MSP may find it necessary to make exceptions to
   accommodate some legacy systems that support only earlier versions of
   TLS or only cleartext."

   NEW:

   "It is RECOMMENDED that new users be required to use TLS version 1.2

There seems to be a mismatch regarding the presence of the "In Section
4.1, the text should be revised from" text.