Deprecating TLS 1.0 and TLS 1.1
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Kathleen Moriarty <email@example.com>, Sean Turner <firstname.lastname@example.org>, The IESG <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'Deprecating TLSv1.0 and TLSv1.1' to Best Current Practice (draft-ietf-tls-oldversions-deprecate-12.txt) The IESG has approved the following document: - 'Deprecating TLSv1.0 and TLSv1.1' (draft-ietf-tls-oldversions-deprecate-12.txt) as Best Current Practice This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
Technical Summary This document formally deprecates Transport Layer Security (TLS) versions 1.0 [RFC2246], TLS 1.1 [RFC4346], and DTLS 1.0 [RFC4347]. It moves these documents to the historic state. The draft is intended for BCP because it updates 7525 and hence should be part of BCP195. Working Group Summary When this draft was first presented at IETF 102, there was discussion about waiting to request publication until the TLSv1.0 and TLSv1.1 use rates to drop to an “acceptable” level. There were others that felt that there was no need to wait and that the IETF should do what it thinks is right with its protocols. The WG, obviously, settled on progressing this draft. Note this draft was further discussed at IETF 103 and 104 to resolve comments received. There was also some discomfort from enterprise users who were concerned about the time and expense needed to transition to newer versions. It should be noted that library support typically continues for years beyond the publication date of the RFC, e.g., OpenSSL released in Fall 2018 will support TLSv1.0 and TLSv1.1 for roughly another 4 years. The WGLC  did produce some fireworks. One participant very strongly believes that “Disabling TLSv1.0 will only result in lots of interop failures and pain, but no improvement in security”. The assertion was that the use of (RSA,MD) and (RSA,SHA-1) is allowed in TLS 1.2. This comment resulted in draft-lvelvindron-tls-md5-sha1-deprecate, which deprecates the use of MD5 and SHA1 in TLS1.2. The chairs determined that this draft could proceed without the MD5/SHA1 deprecation text as it is contained in another draft . IETF LC also added two RFCs to the updates list and more importantly a section was added to address operational considerations.  Link to WGLC thread: https://mailarchive.ietf.org/arch/msg/tls/cupb-OgiSK1ulpRANAbihPHc7zI  Link to chair msg: https://mailarchive.ietf.org/arch/msg/tls/xyMXqKQUZeztD5WupvI0uBp4OLA Document Quality The document got a great deal of review from many people. The list of documents updated was produced mechanically with a script and is believed to be accurate and complete. Implementations have started picking up the guidance to greater and lesser extent, but the only interoperability considerations are expected to be those listed in the operational considerations section of the document, since the change is just to remove support (whether entirely or by default) for the older protocol versions. Personnel The document shepherd is Sean Turner. The Area Director is Benjamin Kaduk.