Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Benjamin Kaduk
Hi Mike,

On Tue, Oct 13, 2020 at 03:59:27PM -0400, Michael D'Errico wrote:
> > Saying that it's your preference without saying why is likely
> > to have little effect, yes. (We endeavor to make decisions
> > based on technical merit, not voting, after all.) Why do you
> > want this?
>
> Hi,
>

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Sean Turner
> On Oct 13, 2020, at 14:34, Benjamin Kaduk wrote:
>
> I think we still need to check for the latest version of the SP800-52r2
> reference, too.

You are correct - the date should be August 2019:
https://github.com/tlswg/oldversions-deprecate/pull/8

spt

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Michael D'Errico
> Saying that it's your preference without saying why is likely
> to have little effect, yes. (We endeavor to make decisions
> based on technical merit, not voting, after all.) Why do you
> want this?

Hi,

I think the advice should be: "If your code currently only supports TLS 1.0, please spend

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Benjamin Kaduk
Hi Mike,

On Tue, Oct 13, 2020 at 03:09:15PM -0400, Michael D'Errico wrote:
> I know that saying this will have no effect, but I'd
> rather see deprecation of just TLS 1.0 and retain
> version 1.1 as not recommended.

Saying that it's your preference without saying why is likely to have little

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Michael D'Errico
I know that saying this will have no effect, but I'd rather see deprecation of just TLS 1.0 and retain version 1.1 as not recommended.

Also, we should not abandon RFC 7507 (downgrade protection SCSV). What harm is there in keeping it around? None.

Mike
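Mike's message names RFC 7507, the TLS_FALLBACK_SCSV signaling cipher suite. What follows is an added example, not code from this thread or from any TLS implementation, of the server-side rule that RFC defines in its section 3: if the ClientHello carries TLS_FALLBACK_SCSV (0x5600) and the server supports a protocol version higher than ClientHello.client_version, the server answers with a fatal inappropriate_fallback alert (86). The ClientHello builder is a minimal, constructed encoding (empty session_id, one compression method, no extensions) used only to produce sample inputs; the cipher-suite and version constants are the RFC values.

```python
"""RFC 7507 TLS_FALLBACK_SCSV: the server-side check, run over constructed
ClientHello bodies.  Added example, not code from the TLS WG thread or
from any TLS library."""
import struct
from typing import List, Optional, Tuple

TLS_FALLBACK_SCSV = 0x5600      # RFC 7507 signaling cipher suite value
INAPPROPRIATE_FALLBACK = 86     # RFC 7507 AlertDescription
TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303
AES128_SHA = 0x002F             # TLS_RSA_WITH_AES_128_CBC_SHA, a real suite id


def build_client_hello(client_version: int, cipher_suites: List[int]) -> bytes:
    """Minimal ClientHello body (RFC 5246 section 7.4.1.2): version, a zero
    random, empty session_id, the suite list, null compression, no
    extensions.  Constructed for this example only."""
    body = struct.pack(">H", client_version)
    body += bytes(32)                                   # random (zeros here)
    body += b"\x00"                                     # session_id length 0
    suites = b"".join(struct.pack(">H", cs) for cs in cipher_suites)
    body += struct.pack(">H", len(suites)) + suites     # cipher_suites
    body += b"\x01\x00"                                 # compression: null
    body += b"\x00\x00"                                 # extensions length 0
    return body


def parse_client_hello(body: bytes) -> Tuple[int, List[int]]:
    """Return (client_version, cipher_suites) from a ClientHello body."""
    if len(body) < 2 + 32 + 1 + 2:
        raise ValueError("ClientHello too short")
    version = struct.unpack(">H", body[:2])[0]
    off = 2 + 32                                        # skip random
    sid_len = body[off]
    off += 1 + sid_len                                  # skip session_id
    cs_len = struct.unpack(">H", body[off:off + 2])[0]
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack(">H", body[i:i + 2])[0]
              for i in range(off, off + cs_len, 2)]
    return version, suites


def server_fallback_check(body: bytes, server_max_version: int) -> Optional[int]:
    """RFC 7507 section 3: if TLS_FALLBACK_SCSV is present and the server's
    highest supported version is above client_version, the client was
    pushed into a fallback it did not need.  Returns the alert description
    the server must send, or None when the handshake may continue."""
    client_version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and server_max_version > client_version:
        return INAPPROPRIATE_FALLBACK
    return None


def demo() -> dict:
    """Four constructed handshakes against a server whose maximum is TLS 1.2
    (or 1.0 in the last case)."""
    return {
        # Normal client, offers its best version, no SCSV: continue.
        "modern_client": server_fallback_check(
            build_client_hello(TLS12, [AES128_SHA]), TLS12),
        # Genuinely old client that only speaks 1.0 and never retried: continue.
        "legacy_client": server_fallback_check(
            build_client_hello(TLS10, [AES128_SHA]), TLS12),
        # A 1.2-capable client retrying at 1.0 after an induced failure: the
        # SCSV tells a 1.2 server the downgrade was not its doing -> alert 86.
        "attacked_fallback": server_fallback_check(
            build_client_hello(TLS10, [AES128_SHA, TLS_FALLBACK_SCSV]), TLS12),
        # Same retry against a server whose best really is 1.0: continue.
        "honest_fallback": server_fallback_check(
            build_client_hello(TLS10, [AES128_SHA, TLS_FALLBACK_SCSV]), TLS10),
    }


if __name__ == "__main__":
    for case, alert in demo().items():
        print(f"{case:18s} -> {'inappropriate_fallback' if alert else 'continue'}")
```

The SCSV only helps when the server's real maximum is higher than the retried version, which is why it detects an on-path downgrade but says nothing about a server that is simply old. TLS 1.3 (RFC 8446 section 4.1.3) moved this signal out of the cipher-suite list and into the last eight bytes of ServerHello.random.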

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Benjamin Kaduk
Thanks, Sean, the linked pull requests seem to do the trick. Skimming through https://mailarchive.ietf.org/arch/msg/tls/K9_uA6m0dD_oQCw-5kAbha-Kq5M/ once more, I think I still plan to put out a status-change document to move RFC 5469 (IDEA and DES ciphers) to Historic in parallel with the IETF LC

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-10-13 Thread Sean Turner
Ben,

Thanks for pointing out I missed a couple. Inline …

spt

> On Aug 13, 2020, at 13:54, Benjamin Kaduk wrote:
>
> Hi Kathleen,
>
> Also inline.
>
> On Wed, Aug 12, 2020 at 04:29:56PM -0400, Kathleen Moriarty wrote:
>> Hi Ben,
>>
>> Thanks for your review. Some initial responses are

Re: [TLS] Sending Custom DHE Parameters in TLS 1.3

2020-10-13 Thread Hanno Böck
Hi,

There was a reason custom DH parameters were removed. Custom DH parameters were the source of plenty of problems. I suggest reading:

https://blog.hboeck.de/archives/841-Diffie-Hellman-and-TLS-with-nonsense-parameters.html
https://eprint.iacr.org/2016/644
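Hanno's point is that a peer handed arbitrary DH parameters has to validate them before use, and in TLS 1.2 it mostly cannot: ServerDHParams (RFC 5246 section 7.4.3) carries only p, g and the server's public value, not the subgroup order q, so a client can only check a group whose structure it can infer, namely a safe prime p = 2q + 1. The following is an added example, not code from this thread, from the linked posts, or from any TLS library, of the checks a client would need before accepting such a group and a peer public value in it. The shape it enforces (safe prime, g of order q) is the one RFC 7919's named groups have. The 2048-bit floor is the one NIST SP 800-52r2 requires for finite-field DH; the groups used in the demo (p = 23, p = 1763 = 41 x 43, p = 13) are toy values chosen only so each rejection is visible, and the Miller-Rabin bases are the standard deterministic set for n below 3.3e24.

```python
"""Validation of a server-supplied finite-field DH group and peer public
value, as a TLS 1.2 client would need before computing Ys^x mod p.
Added example, not code from the TLS WG thread or any TLS implementation."""
import secrets
from typing import Tuple

# These bases make Miller-Rabin deterministic for n < 3.3e24 (Sorenson and
# Webster); above that, random bases are added.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
_MR_DETERMINISTIC_LIMIT = 3_317_044_064_679_887_385_961_981
MIN_P_BITS = 2048   # NIST SP 800-52r2 floor for FFDH in TLS


def is_probable_prime(n: int, extra_rounds: int = 32) -> bool:
    """Miller-Rabin; exact below _MR_DETERMINISTIC_LIMIT, probabilistic above."""
    if n < 2:
        return False
    for small in _MR_BASES:            # cheap trial division first
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:                  # write n-1 = d * 2^r with d odd
        d //= 2
        r += 1
    bases = list(_MR_BASES)
    if n >= _MR_DETERMINISTIC_LIMIT:
        bases += [2 + secrets.randbelow(n - 3) for _ in range(extra_rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False               # a is a witness: n is composite
    return True


def validate_dh_group(p: int, g: int, min_bits: int = MIN_P_BITS) -> Tuple[bool, str]:
    """Accept only p = 2q + 1 with p and q prime and g generating the
    order-q subgroup.  Anything else is rejected: the client has no q to
    check against for a non-safe prime, and a g of order 2 or of order 2q
    leaks bits of the private exponent."""
    if p.bit_length() < min_bits:
        return False, f"p is {p.bit_length()} bits, need at least {min_bits}"
    if p % 2 == 0 or not is_probable_prime(p):
        return False, "p is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "p is not a safe prime: (p-1)/2 is composite"
    if not 2 <= g <= p - 2:
        return False, "g outside [2, p-2]"
    if pow(g, q, p) != 1:
        return False, "g does not generate the order-q subgroup"
    return True, "ok"


def validate_dh_public(p: int, y: int) -> Tuple[bool, str]:
    """Check a peer public value against a group that already passed
    validate_dh_group: in range, and inside the order-q subgroup (a value
    of order 2q would leak one bit of our exponent; in a non-safe group
    the same test is what stops small-subgroup confinement)."""
    if not 2 <= y <= p - 2:
        return False, "public value outside [2, p-2]"
    if pow(y, (p - 1) // 2, p) != 1:
        return False, "public value not in the order-q subgroup"
    return True, "ok"


def demo() -> dict:
    """Constructed cases on the toy safe prime p = 23 (q = 11, g = 2, since
    2^11 = 2048 = 1 mod 23); min_bits is lowered so the structural checks
    are visible.  Real code keeps the 2048-bit floor."""
    p, g = 23, 2
    return {
        "good_group":        validate_dh_group(p, g, min_bits=5),
        "too_small":         validate_dh_group(p, g),                 # default floor
        "composite_p":       validate_dh_group(1763, 2, min_bits=5),  # 41*43, (p-1)/2 prime
        "not_safe_prime":    validate_dh_group(13, 2, min_bits=4),    # (13-1)/2 = 6
        "g_is_one":          validate_dh_group(p, 1, min_bits=5),
        "g_full_group":      validate_dh_group(p, 5, min_bits=5),     # 5^11 = -1 mod 23
        "good_public":       validate_dh_public(p, 4),                # 4 = 2^2 is in the subgroup
        "public_is_one":     validate_dh_public(p, 1),
        "public_order_two":  validate_dh_public(p, p - 1),
        "public_outside_q":  validate_dh_public(p, 5),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:18s} {'accept' if ok else 'reject'}: {why}")
```

The primality tests are what make this expensive: on a real 2048-bit p the client pays two Miller-Rabin runs on every fresh handshake, which is one practical reason TLS 1.3 dropped custom groups in favour of a fixed list the peer can match by identifier.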