Deprecating TLSv1.0 and TLSv1.1
draft-moriarty-tls-oldversions-diediedie-00

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2018-06-18
Replaced by draft-ietf-tls-oldversions-deprecate
Stream (None)
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Engineering Task Force                              K. Moriarty
Internet-Draft                                                  Dell EMC
Updates: [[List TBD]] (if approved)                           S. Farrell
Intended status: Standards Track                  Trinity College Dublin
Expires: December 20, 2018                                 June 18, 2018

                    Deprecating TLSv1.0 and TLSv1.1
              draft-moriarty-tls-oldversions-diediedie-00

Abstract

   This document [if approved] formally deprecates Transport Layer
   Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves
   these documents to the historic state.  These versions lack support
   for current and recommended cipher suites, and various government and
   industry profiiles of applications using TLS now mandate avoiding
   these old TLS versions.  TLSv1.2 has been the recommended version for
   IETF protocols since 2008, providing sufficient time to transition
   away from older versions.  Products having to support older versions
   increase the attack surface unnecessarily and increase opportunities
   for misconfigurations.  Supporting these older versions also requires
   additional effort for library and product maintenance.

   This document updates the backward compatibility sections of TLS RFCs
   [[list TBD]] to prohibit fallback to TLSv1.0 and TLSv1.1.  This
   document also updates RFC 7525.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 20, 2018.

Moriarty & Farrell      Expires December 20, 2018               [Page 1]
Internet-Draft       Deprecating TLSv1.0 and TLSv1.1           June 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Support for Deprecation . . . . . . . . . . . . . . . . . . .   3
     2.1.  NIST 800-52r2 . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Usage and Support . . . . . . . . . . . . . . . . . . . . . .   5
   4.  Do Not Use TLSv1.0  . . . . . . . . . . . . . . . . . . . . .   5
   5.  Do Not Use TLSv1.1  . . . . . . . . . . . . . . . . . . . . .   6
   6.  Updates to RFC7525  . . . . . . . . . . . . . . . . . . . . .   7
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   10. Contributors  . . . . . . . . . . . . . . . . . . . . . . . .   8
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     11.1.  Normative References . . . . . . . . . . . . . . . . . .   8
     11.2.  Informative References . . . . . . . . . . . . . . . . .   8
   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . .  10
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   [[Text in double-square brackets, like this, is commentary intended
   to be fixed as the draft evolves.  You're already seen that we need
   to figure out the list of RFCs that this'd update in the abstract.]]

   Transport Layer Security (TLS) versions 1.0 [RFC2246] and 1.1
   [RFC4346] were superceded by TLSv1.2 [RFC5246] in 2008, which has now
   itself been superceded by TLSv1.3 [I-D.ietf-tls-tls13].  It is
   therefore timely to further deprecate these old versions.  The
   expection is that TLSv1.2 will continue to be used for many years
   alongside TLSv1.3.

Moriarty & Farrell      Expires December 20, 2018               [Page 2]
Internet-Draft       Deprecating TLSv1.0 and TLSv1.1           June 2018
Show full document text