So I re-read Steve's document. > To keep using TLS1.2 has been proposed and discussed many times over the > past year or so and is not acceptable for many reasons outlined in Steve > Fenters draft. So I will refer to that, rather than add repetition to the > list. But suffice to say it is well beyond PCI for most Enterprises. So I re-read Steve's document. This is what it says about TLS 1.2
TLS 1.2 [RFC5246] is not a long term option for enterprises. The RSA key exchange is gradually being removed by vendors as a TLS 1.2 option. For example, mobile devices have been seen to send TLS 1.2 Client Hello's with no RSA key exchange options. There is also the risk that new vulnerabilities and weaknesses will be discovered with TLS 1.2 and/or RSA that will accelerate its removal by other vendors. When significant vulnerabilities were found in SSL and early TLS in late 2014 (including POODLE), it took the PCI Security Standards Council less than a year to require a migration plan away from these SSL/TLS versions (PCI Information Supplement: Migrating from SSL and Early TLS). Enterprises are at risk that vulnerabilities could be found in TLS 1.2 or in the RSA key exchange, and that PCI will require upgrade to TLS 1.3. There is no guarantee that TLS 1.2 will be available many years into the future. We have an assertion. A general claim that it's being removed, supported by an observation that one or more mobile devices only do PFS. Worries about a possible risk being discovered in TLS 1.2 and static-RSA. That first paragraph contains very few facts, doesn't it? The second paragraph talks about how quickly PCI DSS moved. As a counterpoint, how quickly did they move to delay TLS 1.0 when organizations pushed back? SSL3 was "safe" to remove. So far they can't even follow industry best practices and remove TLS 1.0! The last part of the paragraph repeats the previous concern and adds nothing new. (To be fair, they are three pages apart.) So yes, let's discuss in detail why TLS 1.2 isn't acceptable because, from what I see, you haven't made the case. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls