So I re-read Steve's document.

>    To keep using TLS1.2 has been proposed and discussed many times over the 
> past year or so and is not acceptable for many reasons outlined in Steve 
> Fenters draft.  So I will refer to that, rather than add repetition to the 
> list.  But suffice to say it is well beyond PCI for most Enterprises.  
So I re-read Steve's document.  This is what it says about TLS 1.2

   TLS 1.2 [RFC5246] is not a long term option for enterprises.  The RSA
   key exchange is gradually being removed by vendors as a TLS 1.2
   option. For example, mobile devices have been seen to send TLS 1.2
   Client Hello's with no RSA key exchange options.  There is also the
   risk that new vulnerabilities and weaknesses will be discovered with
   TLS 1.2 and/or RSA that will accelerate its removal by other vendors.

   When significant vulnerabilities were found in SSL and early TLS in
   late 2014 (including POODLE), it took the PCI Security Standards
   Council less than a year to require a migration plan away from these
   SSL/TLS versions (PCI Information Supplement: Migrating from SSL and
   Early TLS).  Enterprises are at risk that vulnerabilities could be
   found in TLS 1.2 or in the RSA key exchange, and that PCI will
   require upgrade to TLS 1.3.  There is no guarantee that TLS 1.2 will
   be available many years into the future.

We have an assertion. A general claim that it's being removed, supported by an 
observation that one or more mobile devices only do PFS.  Worries about a 
possible risk being discovered in TLS 1.2 and static-RSA.  That first paragraph 
contains very few facts, doesn't it?

The second paragraph talks about how quickly PCI DSS moved. As a counterpoint, 
how quickly did they move to delay TLS 1.0 when organizations pushed back?   
SSL3 was "safe" to remove.  So far they can't even follow industry best 
practices and remove TLS 1.0!  The last part of the paragraph repeats the 
previous concern and adds nothing new. (To be fair, they are three pages apart.)

So yes, let's discuss in detail why TLS 1.2 isn't acceptable because, from what 
I see, you haven't made the case.

TLS mailing list

Reply via email to