On Mon, Oct 3, 2016 at 2:21 PM, BITS Security <bitssecur...@fsroundtable.org> wrote:
> If PCI has mandated upgrading TLS because of vulnerabilities, they are
> likely to do it again and in fact have provided strong hints to the market
> where they should be beyond the minimum requirement itself.

This is simply not true. In 2015 the PCI council was pushing for updating to TLS 1.1+ in short order, but backed off out of "industry concerns" similar to the ones you are voicing here, and have delayed the mandatory rollout of TLS 1.1 until 2018. That's at least two years away. After that, they will deprecate TLS 1.1. That will probably take at least a year. So in 2019 (again, pure speculation as to the earliest time this will possibly happen), TLS 1.2 will be mandatory. After that, they may deprecate TLS 1.2 if it is demonstrated to be insecure. There is no reason to suspect at this point that that will even happen. TLS 1.2 is generally recognized as secure, and the "LTS" profile should fix whatever low-priority security concerns remain.

> I don't see that the timing really matters because it isn't based on the
> age of the standard, it is based on the standard becoming outdated.

That is absolutely not true. The PCI's motivation for TLS version upgrades has been real-world security vulnerabilities, and again, it took them 15 years to deprecate TLS 1.0. There is absolutely no evidence that the PCI council plans on making TLS 1.3 mandatory any time soon, and if we follow a version-a-year cadence (which they're NOT presently working on; based on the one deprecation data point we have, it's ~3 years per version) it will be 2020 at the earliest before it happens. You are asking the IETF to make a serious compromise regarding the security of the Internet based on *pure speculation*. A minimum degree of due diligence here would be to first ask the PCI council what their plans for mandating TLS 1.3 actually are, and if they *actually* give you a date that scares you, that might be a reason to voice concern so late in the process.
I think what you're proposing is actively harmful to Internet security and you should be working with the PCI Council, not the IETF, to address your concerns.

-- 
Tony Arcieri
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls