Good day!
On Sun, Aug 19, 2018 at 3:01 AM Stephen Farrell
wrote:
> 1. The bit you quote above is incomplete
Yep, but the rest of the paragraph just outlines *recommendations*
(or, even better, 'encouragements') while the draft states that "PCI
Council [is] deprecating TLSv1.0 and TLSv1.1 by
Hiya,
Thanks for reading the draft!
On 19/08/18 00:45, Artyom Gavrichenkov wrote:
> On Mon, Jul 9, 2018 at 7:42 PM Kathleen Moriarty
> wrote:
>> Stephen and I posted the draft below to see if the TLS working group
>> is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has
>> been a
On Mon, Jul 9, 2018 at 7:42 PM Kathleen Moriarty
wrote:
> Stephen and I posted the draft below to see if the TLS working group
> is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has
> been a recent drop off in usage for web applications due to the PCI
> Council recommendation to
On 07/09/2018 05:40 PM, Kathleen Moriarty wrote:
> Stephen and I posted the draft below to see if the TLS working group
> is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has
> been a recent drop off in usage for web applications due to the PCI
> Council recommendation to move off
On Saturday, 14 July 2018 18:59:01 CEST Yaron Sheffer wrote:
> >>> I'd encourage you to try get people to be open about
> >>> things here - there's no particular shame in having 10% TLSv1.0
> >>> sessions after all:-)
> >>
> >> It isn't a question of shame but it is just a bit too much
I'd encourage you to try get people to be open about
things here - there's no particular shame in having 10% TLSv1.0
sessions after all:-)
It isn't a question of shame but it is just a bit too much information
to provide a potential adversary. That is, to say that Stock Exchange XYZ
has n%
(Chair hat off.)
On Wed, Jul 11, 2018 at 10:37 AM, David Benjamin wrote:
> On Mon, Jul 9, 2018 at 12:58 PM Eric Rescorla wrote:
>>
>> On Mon, Jul 9, 2018 at 9:54 AM, Eric Rescorla wrote:
>>>
>>> Thanks for writing this.
>>>
>>> I would be in favor of deprecating old versions of TLS prior to
Hiya,
On 13/07/18 13:24, nalini elkins wrote:
> Stephen,
>
> Sorry for the late reply. I was travelling to Montreal from India and
> was jet lagged.
No problem. And that'll be me tomorrow:-)
I generally agree with Ekr's mail just now but a little bit
more below...
>
>>
>>> I am thinking
On Fri, Jul 13, 2018 at 5:24 AM, nalini elkins
wrote:
> Stephen,
>
> Sorry for the late reply. I was travelling to Montreal from India and
> was jet lagged.
>
> >
> >> I am thinking the following:
> >>
> >> Location: U.S. / Canada (possibly U.K.)
> >>
> >> - 3 banks (hopefully from the top 5)
Stephen,
Sorry for the late reply. I was travelling to Montreal from India and
was jet lagged.
>
>> I am thinking the following:
>>
>> Location: U.S. / Canada (possibly U.K.)
>>
>> - 3 banks (hopefully from the top 5)
>> - 3 large insurance companies (includes back end processing)
>> - 3
On Mon, Jul 9, 2018 at 12:58 PM Eric Rescorla wrote:
> On Mon, Jul 9, 2018 at 9:54 AM, Eric Rescorla wrote:
>
>> Thanks for writing this.
>>
>> I would be in favor of deprecating old versions of TLS prior to 1.2.
>> Firefox Telemetry shows that about 1% of our connections are TLS 1.1
>>
>
>
Contributions with data are welcomed and encouraged.
Thank you,
Kathleen
Sent from my mobile device
> On Jul 10, 2018, at 10:07 AM, Peter Gutmann wrote:
>
> nalini elkins writes:
>
>> It would be nice to see some of this reflected in the draft rather than only
>> statistics on browsers.
Hi Nalini,
I think it would be more useful to collect show stopper information. Do they
have systems or applications that cannot be upgraded as there is no upgrade
path? Do these systems or applications matter in terms of deprecation? It may
not matter if they are isolated or there is no
> I'm not sure that the fact that a lot of people are running downrev versions
> means we shouldn't say that the IETF no longer considers that good.
I totally and strongly agree.
___
TLS mailing list
TLS@ietf.org
I'd like to distinguish between two different questions:
1. Whether or not the IETF should recommend that people stop using older
versions of TLS.
2. Whether or not vendors should stop accepting/supporting older versions
of TLS.
The former one of these is just exhorting people to stop, which
Hiya,
On 11/07/18 06:45, nalini elkins wrote:
> Stephen,
>
>> I'd love to add more detail like that and/or more sections for other
> protocols if folks have data to offer with references.
>
> I believe that I can reach out to various people I know. Please comment
> if my methodology is
Stephen,
> I'd love to add more detail like that and/or more sections for other
protocols if folks have data to offer with references.
I believe that I can reach out to various people I know. Please comment
if my methodology is acceptable and if you think this will be helpful.
I am thinking
Hiya,
On 10/07/18 19:04, Viktor Dukhovni wrote:
> On Tue, Jul 10, 2018 at 09:21:04AM +0100, Stephen Farrell wrote:
>
>> I didn't have time before the I-D cutoff but have since
>> added a section on mail to the repo pre-01 version. (See
>> [1] section 3.2.) I'd love to add more detail like that
On Tue, Jul 10, 2018 at 09:21:04AM +0100, Stephen Farrell wrote:
> I didn't have time before the I-D cutoff but have since
> added a section on mail to the repo pre-01 version. (See
> [1] section 3.2.) I'd love to add more detail like that
> and/or more sections for other protocols if folks have
nalini elkins writes:
>It would be nice to see some of this reflected in the draft rather than only
>statistics on browsers. The real usage of these protocols is far more
>complex.
+1. It often seems that the only possible use for TLS that gets considered in
these things is web browsers and
Hi Nalini,
On 10/07/18 04:50, nalini elkins wrote:
> It would be nice to see some of this reflected in the draft rather than
> only statistics on browsers. The real usage of these protocols is far
> more complex.
I didn't have time before the I-D cutoff but have since
added a section on mail
>
> Andrei
>
>
>
> *From:* TLS *On Behalf Of * Eric Rescorla
> *Sent:* Monday, July 9, 2018 9:57 AM
> *To:* Kathleen Moriarty
> *Cc:*
> *Subject:* Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-
> oldversions-diediedie-00.txt
>
>
>
>
>
>
I want to see these disappear, but I am guessing that there is still
some time before many products can make the move. For websites, like
the ones mentioned in the draft, that time is already here. As a site
operator, you do not want to talk to a browser that doesn't talk TLS
1.2.
Is there any
Andrei Popov wrote:
>
> On the recent Windows versions, TLS 1.0 is negotiated more than 10%
> of the time on the client side (this includes non-browser connections
> from all sorts of apps, some hard-coding TLS versions),
> and TLS 1.1 accounts for ~0.3% of client connections.
"On recent Windows
If we're looking for precedent and support, the Canadian government
recently (like in the last week or two) issued a policy requiring TLS 1.0
and 1.1 be disabled:
On Mon, Jul 9, 2018 at 8:54 PM, Eric Rescorla wrote:
> Thanks for writing this.
>
> I would be in favor of deprecating old versions of TLS prior to 1.2. Firefox
> Telemetry shows that about 1% of our connections are TLS 1.1 (on the same
> data set, TLS 1.3 is > 5%), and TLS 1.1 is negligible.
>
>
Without quoting any specific numbers, I share Alessandro's support for this,
while also emphasizing that it will be quite some time before my employer stops
supporting those versions.
FWIW, The next release of OpenSSL is an LTS release and will be supported for
five years. It disables SSLv3 by default, but does enable TLS1.0 and TLS1.1 by
default. (It also includes TLS1.3, nudge nudge RFC editor queue.)
On 7/9/18, 12:42 PM, "Kathleen Moriarty"
wrote:
Hello,
On Mon, Jul 09, 2018 at 12:40:54PM -0400, Kathleen Moriarty wrote:
> Hello,
>
> Stephen and I posted the draft below to see if the TLS working group
> is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has
> been a recent drop off in usage for web applications due to the PCI
>
.
Cheers,
Andrei
From: TLS On Behalf Of Eric Rescorla
Sent: Monday, July 9, 2018 9:57 AM
To: Kathleen Moriarty
Cc:
Subject: Re: [TLS] Fwd: New Version Notification for
draft-moriarty-tls-oldversions-diediedie-00.txt
On Mon, Jul 9, 2018 at 9:54 AM, Eric Rescorla
mailto:e...@rtfm.com
On Mon, Jul 9, 2018 at 9:54 AM, Eric Rescorla wrote:
> Thanks for writing this.
>
> I would be in favor of deprecating old versions of TLS prior to 1.2.
> Firefox Telemetry shows that about 1% of our connections are TLS 1.1
>
This should be 1.0.
(on the same data set, TLS 1.3 is > 5%), and
Thanks for writing this.
I would be in favor of deprecating old versions of TLS prior to 1.2.
Firefox Telemetry shows that about 1% of our connections are TLS 1.1 (on
the same data set, TLS 1.3 is > 5%), and TLS 1.1 is negligible.
This is probably a higher number than we'd be comfortable turning
Hello,
Stephen and I posted the draft below to see if the TLS working group
is ready to take steps to deprecate TLSv1.0 and TLSv1.1. There has
been a recent drop off in usage for web applications due to the PCI
Council recommendation to move off TLSv1.0, with a recommendation to
go to TLSv1.2 by
33 matches