On Fri, Dec 16, 2022 at 3:22 AM Peter Gutmann <[email protected]> wrote:
> Saying "lalalalala I'm not listening, I'm not listening" won't deal with the fact
> that there's a staggering amount of gear out there with product lifecycles
> sometimes measured in decades that needs a sound basis for making decisions
> about what to deploy, which this deprecation isn't providing.
>
> Maybe that's the way to resolve this, make it explicit that the deprecation
> applies for web use and not for other uses like SCADA, embedded, or anything
> else that needs to take long-term usage into account.

I think describing the situation at the time-of-writing would be fine, but FFDHE should still be deprecated. At some point, one has to consult decades-old RFCs to interoperate with decades-old implementations. That's one of the reasons the IETF keeps the documents around.

I'm a bit skeptical of the timelines you're aiming for, though. TLS 1.2 is from 2008, so anything older than that is deprecated by RFC 8996. Additionally, I think RFC 9325 covers this issue, and also gives some guidelines moving forward: "the overall approach is to encourage systems to move to TLS 1.3."

thanks,
Rob
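The configuration the reply points at (TLS 1.2 as the floor per RFC 8996, TLS 1.3 preferred per RFC 9325, finite-field DHE suites no longer offered) can be expressed directly with Python's standard `ssl` module. This is an added illustration for the thread, not code from either poster; the context builder and the audit helper are hypothetical names. It covers only the TLS 1.2 cipher-suite list: in TLS 1.3 the FFDHE groups live in the supported_groups extension, which is a separate knob and is assumed out of scope here.

```python
import ssl


def is_ffdhe_suite(name: str) -> bool:
    """True when an OpenSSL suite name uses finite-field ephemeral DH.

    OpenSSL spells those suites "DHE-...", "EDH-..." or (anonymous) "ADH-...".
    "ECDHE-..." is elliptic-curve DH and is not part of the FFDHE deprecation,
    so the check deliberately does not match it.
    """
    return name.startswith(("DHE-", "EDH-", "ADH-", "EXP-EDH-")) or "-DHE-" in name


def ffdhe_suites(ctx: ssl.SSLContext) -> list:
    """List the TLS 1.2 suites in a context whose key exchange is FFDHE."""
    return [c["name"] for c in ctx.get_ciphers() if is_ffdhe_suite(c["name"])]


def web_context() -> ssl.SSLContext:
    """Client context along the lines of RFC 9325 (hypothetical helper).

    TLS 1.2 is the minimum (everything older is deprecated by RFC 8996), TLS 1.3
    is negotiated when the peer offers it, and the TLS 1.2 list is restricted to
    ECDHE suites with AEAD ciphers; "!DHE" drops the finite-field DHE suites.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!DHE")
    return ctx


def legacy_context() -> ssl.SSLContext:
    """Comparison context that still offers FFDHE suites for TLS 1.2 peers.

    This is the kind of list long-lived SCADA or embedded gear may still need;
    ffdhe_suites() shows exactly which suites that decision keeps enabled.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL")
    return ctx


if __name__ == "__main__":
    # Audit both contexts; the web-facing one should report no FFDHE suites.
    for label, ctx in (("web", web_context()), ("legacy", legacy_context())):
        print(label, "FFDHE suites still offered:", ffdhe_suites(ctx))
```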
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
