This draft will likely be ignored, except by the Web browser crowd, Swift UI, and such ilk.
One problem with this draft is that such “fanatical/extremist” documents
diminish credibility of the body that sanctioned them in the eyes of those who
deal with “real” equipment (again, excluding stuff used to connect to YouTube
or Amazon).
--
V/R,
Uri
There are two ways to design a system. One is to make it so simple there are
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
From: TLS <[email protected]> on behalf of Rob Sayre <[email protected]>
Date: Tuesday, January 2, 2024 at 20:03
To: Martin Thomson <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [TLS] [EXT] Re: Adoption call for 'TLS 1.2 Feature Freeze'
It might be better to describe TLS 1.2 as "overtaken by events". If you want to
use CSS Grid or Swift UI (name any newish thing), you'll find yourself with a
stack that supports TLS 1.3, so there's no need to bother with TLS 1.2 in those
cases. Turning off TLS 1.2 is sometimes a good idea, because that traffic is
composed of undesirable bots in many cases.
I know people also work on things that are old, but it seems ok to call them
really old, because that is true. No one seems to disagree with this point in
the draft: "TLS 1.3 [TLS13] is also in widespread use and fixes most known
deficiencies with TLS 1.2".
If you think this draft is so strict that it will be ignored, you have nothing
to worry about.
thanks,
Rob
On Tue, Jan 2, 2024 at 1:19 PM Martin Thomson <[email protected]> wrote:
On Wed, Jan 3, 2024, at 01:20, Salz, Rich wrote:
> That is not what the just-adopted draft says. It says that except for
> ALPN and exporters that no new registrations will be accepted for TLS
> 1.2 and that new entries should have a Note comment that says “for TLS
> 1.3 or later”. This is a change in the current policy. It has always
> said this; see page 3 of [1].
I should learn to read the IANA considerations. This currently says:
> IANA will stop accepting registrations for any TLS parameters [TLS13REG]
> except for the following
Aside from the fact that the wording also says that IANA will stop accepting
TLS 1.3 registrations too, I think that this is a very bad idea.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
