| draft-ietf-tls-oldversions-deprecate-00.txt | draft-ietf-tls-oldversions-deprecate-01.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force K. Moriarty | Internet Engineering Task Force K. Moriarty | |||
| Internet-Draft Dell EMC | Internet-Draft Dell EMC | |||
| Updates: [[List TBD]] (if approved) S. Farrell | Updates: 8465 8422 7568 7562 7507 7465 S. Farrell | |||
| Intended status: Standards Track Trinity College Dublin | 7255 7030 6750 6749 6739 6367 Trinity College Dublin | |||
| Expires: March 18, 2019 September 14, 2018 | 6176 6042 5878 5734 5469 5422 November 8, 2018 | |||
| 5364 5281 5263 5238 5216 5158 | ||||
| 5091 5054 5049 5024 5023 5019 | ||||
| 5018 4992 4976 4975 4964 4851 | ||||
| 4823 4791 4785 4744 4743 4732 | ||||
| 4712 4681 4680 4642 4616 4582 | ||||
| 4540 4531 4513 4497 4279 4261 | ||||
| 4235 4217 4168 4162 4111 4097 | ||||
| 3983 3943 3903 3887 3871 3856 | ||||
| 3767 3749 3656 3568 3552 3501 | ||||
| 3470 3436 3329 3261 (if | ||||
| approved) | ||||
| Intended status: Standards Track | ||||
| Expires: May 12, 2019 | ||||
| Deprecating TLSv1.0 and TLSv1.1 | Deprecating TLSv1.0 and TLSv1.1 | |||
| draft-ietf-tls-oldversions-deprecate-00 | draft-ietf-tls-oldversions-deprecate-01 | |||
| Abstract | Abstract | |||
| This document [if approved] formally deprecates Transport Layer | This document, if approved, formally deprecates Transport Layer | |||
| Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves | Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves | |||
| these documents to the historic state. These versions lack support | these documents to the historic state. These versions lack support | |||
| for current and recommended cipher suites, and various government and | for current and recommended cipher suites, and various government and | |||
| industry profiles of applications using TLS now mandate avoiding | industry profiles of applications using TLS now mandate avoiding | |||
| these old TLS versions. TLSv1.2 has been the recommended version for | these old TLS versions. TLSv1.2 has been the recommended version for | |||
| IETF protocols since 2008, providing sufficient time to transition | IETF protocols since 2008, providing sufficient time to transition | |||
| away from older versions. Products having to support older versions | away from older versions. Products having to support older versions | |||
| increase the attack surface unnecessarily and increase opportunities | increase the attack surface unnecessarily and increase opportunities | |||
| for misconfigurations. Supporting these older versions also requires | for misconfigurations. Supporting these older versions also requires | |||
| additional effort for library and product maintenance. | additional effort for library and product maintenance. | |||
| This document updates the backward compatibility sections of TLS RFCs | This document updates many RFCs that normatively refer to TLS1.0 or | |||
| [[list TBD]] to prohibit fallback to TLSv1.0 and TLSv1.1. This | TLS1.1 as described herein. This document also updates RFC 7525 and | |||
| document also updates RFC 7525. | hence is part of BCP195. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 18, 2019. | This Internet-Draft will expire on May 12, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Updates . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | ||||
| 2. Support for Deprecation . . . . . . . . . . . . . . . . . . . 4 | 2. Support for Deprecation . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Removing Support . . . . . . . . . . . . . . . . . . . . . . 5 | 3. SHA-1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Do Not Use TLSv1.0 . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. Web . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 5. Do Not Use TLSv1.1 . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.2. Mail . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Updates to RFC7525 . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.3. Operating Systems . . . . . . . . . . . . . . . . . . . . 6 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.4. Enterprise Networks . . . . . . . . . . . . . . . . . . . 7 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5. SHA-1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6. Do Not Use TLSv1.0 . . . . . . . . . . . . . . . . . . . . . 8 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 7. Do Not Use TLSv1.1 . . . . . . . . . . . . . . . . . . . . . 8 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 8. Do Not Use SHA-1 in TLSv1.2 . . . . . . . . . . . . . . . . . 9 | 10.2. Informative References . . . . . . . . . . . . . . . . . 16 | |||
| 9. Updates to RFC7525 . . . . . . . . . . . . . . . . . . . . . 9 | Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 | ||||
| 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | ||||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | ||||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . 10 | ||||
| 13.2. Informative References . . . . . . . . . . . . . . . . . 11 | ||||
| Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 14 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | ||||
| 1. Introduction | 1. Introduction | |||
| [[Text in double-square brackets is intended to be fixed as the draft | ||||
| evolves. You've seen that we need to figure out the list of RFCs | ||||
| that this'd update in the abstract. There is a repo for this at: | ||||
| https://github.com/tlswg/oldversions-deprecate - PRs (on the xml | ||||
| file) are welcome there.]] | ||||
| Transport Layer Security (TLS) versions 1.0 [RFC2246] and 1.1 | Transport Layer Security (TLS) versions 1.0 [RFC2246] and 1.1 | |||
| [RFC4346] were superceded by TLSv1.2 [RFC5246] in 2008, which has now | [RFC4346] were superceded by TLSv1.2 [RFC5246] in 2008, which has now | |||
| itself been superceded by TLSv1.3 [RFC8446]. It is therefore timely | itself been superceded by TLSv1.3 [RFC8446]. It is therefore timely | |||
| to further deprecate these old versions. The expectation is that | to further deprecate these old versions. The expectation is that | |||
| TLSv1.2 will continue to be used for many years alongside TLSv1.3. | TLSv1.2 will continue to be used for many years alongside TLSv1.3. | |||
| TLSv1.1 and TLSv1.0 are also actively being deprecated in accordance | TLSv1.1 and TLSv1.0 are also actively being deprecated in accordance | |||
| with guidance from government agencies (e.g. NIST SP 80052r2 | with guidance from government agencies (e.g. NIST SP 80052r2 | |||
| [NIST800-52r2]) and industry consortia such as the Payment Card | [NIST800-52r2]) and industry consortia such as the Payment Card | |||
| Industry Association (PCI) [PCI-TLS1]. | Industry Association (PCI) [PCI-TLS1]. | |||
| skipping to change at page 3, line 41 ¶ | skipping to change at page 3, line 44 ¶ | |||
| libraries would need to use older versions of the libraries to | libraries would need to use older versions of the libraries to | |||
| support TLSv1.0 and TLSv1.1, which is clearly undesirable | support TLSv1.0 and TLSv1.1, which is clearly undesirable | |||
| Deprecation of these versions is intended to assist developers as | Deprecation of these versions is intended to assist developers as | |||
| additional justification to no longer support older TLS versions and | additional justification to no longer support older TLS versions and | |||
| to migrate to a minimum of TLSv1.2. Deprecation also assists product | to migrate to a minimum of TLSv1.2. Deprecation also assists product | |||
| teams with phasing out support for the older versions to reduce the | teams with phasing out support for the older versions to reduce the | |||
| attack surface and the scope of maintenance for protocols in their | attack surface and the scope of maintenance for protocols in their | |||
| offerings. | offerings. | |||
| [[This draft is being written now so that the TLS WG chairs can just | 1.1. Updates | |||
| hit the "publication requested" button as soon as there is WG | ||||
| consensus to deprecate these ancient versions of TLS. The authors | ||||
| however think that deprecation now is timely.]] | ||||
| 1.1. Terminology | This document updates these RFCs that normatively reference TLS1.0 or | |||
| TLS1.1 and have not been obsoleted: [RFC8465] [RFC8422] [RFC7568] | ||||
| [RFC7562] [RFC7507] [RFC7465] [RFC7255] [RFC7030] [RFC6750] [RFC6749] | ||||
| [RFC6739] [RFC6367] [RFC6176] [RFC6042] [RFC5878] [RFC5734] [RFC5469] | ||||
| [RFC5422] [RFC5364] [RFC5281] [RFC5263] [RFC5238] [RFC5216] [RFC5158] | ||||
| [RFC5091] [RFC5054] [RFC5049] [RFC5024] [RFC5023] [RFC5019] [RFC5018] | ||||
| [RFC4992] [RFC4976] [RFC4975] [RFC4964] [RFC4851] [RFC4823] [RFC4791] | ||||
| [RFC4785] [RFC4744] [RFC4743] [RFC4732] [RFC4712] [RFC4681] [RFC4680] | ||||
| [RFC4642] [RFC4616] [RFC4582] [RFC4540] [RFC4531] [RFC4513] [RFC4497] | ||||
| [RFC4279] [RFC4261] [RFC4235] [RFC4217] [RFC4168] [RFC4162] [RFC4111] | ||||
| [RFC4097] [RFC3983] [RFC3943] [RFC3903] [RFC3887] [RFC3871] [RFC3856] | ||||
| [RFC3767] [RFC3749] [RFC3656] [RFC3568] [RFC3552] [RFC3501] [RFC3470] | ||||
| [RFC3436] [RFC3329] [RFC3261] | ||||
| In addition these RFCs normatively refer to TLS1.0 or TLS1.1 and have | ||||
| been obsoleted, or informatively refer to TLS1.0 or TLS1.1: [RFC5101] | ||||
| [RFC5081] [RFC5077] [RFC4934] [RFC4572] [RFC4507] [RFC4492] [RFC4366] | ||||
| [RFC4347] [RFC4244] [RFC4132] [RFC3920] [RFC3734] [RFC3588] [RFC3546] | ||||
| [RFC3489] [RFC3316] | ||||
| 1.2. Terminology | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 2. Support for Deprecation | 2. Support for Deprecation | |||
| Industry has actively followed guidance provided by NIST and the PCI | Industry has actively followed guidance provided by NIST and the PCI | |||
| Council to deprecate TLSv1.0 and TLSv1.1 by June 30, 2018. TLSv1.2 | Council to deprecate TLSv1.0 and TLSv1.1 by June 30, 2018. TLSv1.2 | |||
| should remain a minimum baseline for TLS support at this time. | should remain a minimum baseline for TLS support at this time. | |||
| Specific details on attacks against TLSv1.0 and TLSv1.1 as well as | Specific details on attacks against TLSv1.0 and TLSv1.1 as well as | |||
| their mitigations are provided in NIST SP800-52r2 [NIST800-52r2], RFC | their mitigations are provided in NIST SP800-52r2 [NIST800-52r2], RFC | |||
| 7457 [RFC7457] and other referenced RFCs. Although the attacks have | 7457 [RFC7457] and other referenced RFCs. Although the attacks have | |||
| been mitigated, if support is dropped for future library releases for | been mitigated, if support is dropped for future library releases for | |||
| these versions, it is unlikely attacks found going forward will be | these versions, it is unlikely attacks found going forward will be | |||
| mitigated in older library releases. | mitigated in older library releases. | |||
| NIST for example have provided the following rationale, copied with | NIST for example have provided the following rationale, copied with | |||
| permission from NIST SP800-52r2 [NIST800-52r2], section 1.2 "History | permission from NIST SP800-52r2 [NIST800-52r2], section 1.2 "History | |||
| of TLS" (with references changed for RFC formatting). | of TLS" (with references changed for RFC formatting). | |||
| TLS 1.1, specified in [RFC4346], was developed to address | TLS 1.1, specified in [RFC4346], was developed to address | |||
| weaknesses discovered in TLS 1.0, primarily in the areas of | weaknesses discovered in TLS 1.0, primarily in the areas of | |||
| skipping to change at page 5, line 8 ¶ | skipping to change at page 5, line 26 ¶ | |||
| TLS 1.3, specified in TLSv1.3 [RFC8446], represents a significant | TLS 1.3, specified in TLSv1.3 [RFC8446], represents a significant | |||
| change to TLS that aims to address threats that have arisen over | change to TLS that aims to address threats that have arisen over | |||
| the years. Among the changes are a new handshake protocol, a new | the years. Among the changes are a new handshake protocol, a new | |||
| key derivation process that uses the HMAC-based Extract-and-Expand | key derivation process that uses the HMAC-based Extract-and-Expand | |||
| Key Derivation Function (HKDF), and the removal of cipher suites | Key Derivation Function (HKDF), and the removal of cipher suites | |||
| that use static RSA or DH key exchanges, the CBC mode of | that use static RSA or DH key exchanges, the CBC mode of | |||
| operation, or SHA-1. The list of extensions that can be used with | operation, or SHA-1. The list of extensions that can be used with | |||
| TLS 1.3 has been reduced considerably. | TLS 1.3 has been reduced considerably. | |||
| The Canadian government treasury board have mandated that these old | The Canadian government treasury board have also mandated that these | |||
| versions of TLS not be used. [Canada] | old versions of TLS not be used. [Canada] | |||
| 3. Removing Support | ||||
| [[This section can be removed upon publication - or maybe keep it?]] | ||||
| Support for TLSv1.0 has been removed by the July 2018 PCI deadline | ||||
| from the following standards, products, and services: | ||||
| o 3GPP 5G | ||||
| o Amazon Elastic Load Balancing [Amazon] | ||||
| o CloudFlare [CloudFlare] | ||||
| o Digicert [Digicert] | ||||
| o GitHub [GIT] | ||||
| o KeyCDN [KeyCDN] | ||||
| o PayPal [paypal] | ||||
| o Stripe [stripe] | ||||
| o [[Numerous web sites...]] | ||||
| Many web sites have taken the action of including the deprecation of | ||||
| TLSv1.1 into their plans for deprecating TLSv1.0 for the PCI council | ||||
| deadline. Support for TLSv1.1 has been removed by the July 2018 PCI | ||||
| deadline from the following standards, products, and services: | ||||
| o 3GPP 5G Release 16 | ||||
| o Amazon Elastic Load Balancing [Amazon] | ||||
| o CloudFlare [CloudFlare] | ||||
| o GitHub [GIT] | ||||
| o PayPal [paypal] | ||||
| o Stripe [stripe] | ||||
| o [[Numerous web sites...]] | ||||
| 4. Usage | ||||
| [[This section can be removed upon publication - or maybe keep it?]] | ||||
| 4.1. Web | ||||
| Usage statistics for TLSv1.0 and TLSv1.1 on the public web vary, but | ||||
| have been in general very low and declined further with the impending | ||||
| PCI deadline to migrate off of TLSv1.0 by June 30, 2018. As of | ||||
| January 2018, [StackExchange] quoted 4 percent of browsers using | ||||
| TLSv1.0. | ||||
| The number of websites supporting TLS 1.2 is still growing (+0.4%), | ||||
| and has reached 92% according to sslpulse as of June 19, 2018. | ||||
| [SSLpulse] Deprecating TLS 1.0 and TLS 1.1 will thus not have a major | ||||
| impact on browser or web server implementations. | ||||
| Figure 1 presents statistics for use of TLS versions in the web. | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| | Name/Ref | Date | SSLv3|TLSv1.0|TLSv1.1|TLSv1.2|TLSv1.3| | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| ! Alexa [1] | 20180226 | - | 2.0 | <0.1 | 97.9 | - | | ||||
| | Cloudflare [2] | 20180518 | 0.0 | 9.3 | 0.2 | 84.9 | 5.5 | | ||||
| | Firefox [3] | 20180709 | - | 1.0 | - | 94.0 | 5.0 | | ||||
| | Chrome [4] | 20180711 | - | 0.4 | <0.1 | - | - | | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| [1] https://scotthelme.co.uk/alexa-top-1-million-analysis-february-2018/ | ||||
| [2] https://www.ietf.org/mail-archive/web/tls/current/msg26578.html | ||||
| [3] https://www.ietf.org/mail-archive/web/tls/current/msg26575.html | ||||
| [4] https://www.ietf.org/mail-archive/web/tls/current/msg26620.html | ||||
| Figure 1: Web Statistics | ||||
| 4.2. Mail | ||||
| E-Mail uses TLS for SMTP, submission (port 587), POP/POP3 and IMAP. | ||||
| Typically email deployments lag public web deployments in terms of | ||||
| the rate of adoption of new TLS versions. Figure 2 presents | ||||
| statistics for use of TLS versions in the email applications. | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| | Name/Ref | Date | SSLv3|TLSv1.0|TLSv1.1|TLSv1.2|TLSv1.3| | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| | Clusters [1] | 20180316 | <0.1 | 10.6 | <0.1 | 89.3 | - | | ||||
| | TLSA [2] | 20180710 | - | 1.4 | 0.1 | 98.5 | - | | ||||
| | UK-ESP [3] | 20180710 | - | 19.9 | <0.1 | - | - | | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| [1] https://eprint.iacr.org/2018/299 | ||||
| [2] https://www.ietf.org/mail-archive/web/tls/current/msg26603.html | ||||
| [3] https://www.ietf.org/mail-archive/web/tls/current/msg26603.html | ||||
| Figure 2: Mail Statistics | ||||
| 4.3. Operating Systems | ||||
| Figure 3 presents statistics for use of TLS versions in operating | ||||
| systems. | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| | Name/Ref | Date | SSLv3|TLSv1.0|TLSv1.1|TLSv1.2|TLSv1.3| | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| | Windows cli [1]| 20180709 | - | >10.0 | ~0.3 | - | - | | ||||
| | Windows svr [1]| 20180709 | - | ~1.5 | ~0.0 | - | - | | ||||
| | Apple [2] | 20180709 | - | 0.4 | - | 99.6 | - | | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| [1] https://www.ietf.org/mail-archive/web/tls/current/msg26577.html | ||||
| [2] https://www.ietf.org/mail-archive/web/tls/current/msg26634.html | ||||
| Figure 3: Operating System Statistics | ||||
| 4.4. Enterprise Networks | ||||
| Figure 4 presents statistics for use of TLS versions in the | ||||
| enterprise networks. The tcd.ie numbers below were the result of a | ||||
| student project and need further validation. | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| | Name/Ref | Date | SSLv3|TLSv1.0|TLSv1.1|TLSv1.2|TLSv1.3| | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| | tcd.ie [1] | 20180713 | 18.0 | 35.0 | 0 | 45.0 | 0 | | ||||
| +----------------+----------+------+-------+-------+-------+-------+ | ||||
| [1] https://www.ietf.org/mail-archive/web/tls/current/msg26633.html | ||||
| Figure 4: Enterprise Network Statistics | Various companies and web sites have announced plans to deprecate | |||
| these old versions of TLS. | ||||
| 5. SHA-1 | 3. SHA-1 | |||
| The integrity of both TLSv1.0 and TLSv1.1 depends on a running SHA-1 | The integrity of both TLSv1.0 and TLSv1.1 depends on a running SHA-1 | |||
| hash of the exchanged messages. This makes it possible to perform a | hash of the exchanged messages. This makes it possible to perform a | |||
| downgrade attack on the handshake by an attacker able to perform 2^77 | downgrade attack on the handshake by an attacker able to perform 2^77 | |||
| operations, well below the acceptable modern security margin. | operations, well below the acceptable modern security margin. | |||
| Similarly, the authentication of the handshake depends on signatures | Similarly, the authentication of the handshake depends on signatures | |||
| made using SHA-1 hash or a not stronger concatenation of MD-5 and | made using SHA-1 hash or a not stronger concatenation of MD-5 and | |||
| SHA-1 hashes, allowing the attacker to impersonate a server when it | SHA-1 hashes, allowing the attacker to impersonate a server when it | |||
| is able to break the severely weakened SHA-1 hash. | is able to break the severely weakened SHA-1 hash. | |||
| Neither TLSv1.0 nor TLSv1.1 allow the peers to select a stronger hash | Neither TLSv1.0 nor TLSv1.1 allow the peers to select a stronger hash | |||
| for signatures in the ServerKeyExchange or CertificateVerify | for signatures in the ServerKeyExchange or CertificateVerify | |||
| messages, making the only upgrade path the use of a newer protocol | messages, making the only upgrade path the use of a newer protocol | |||
| version. | version. | |||
| See [Bhargavan2016] for additional detail. | See [Bhargavan2016] for additional detail. | |||
| 6. Do Not Use TLSv1.0 | 4. Do Not Use TLSv1.0 | |||
| TLSv1.0 MUST NOT be used. Negotiation of TLSv1.0 from any version of | TLSv1.0 MUST NOT be used. Negotiation of TLSv1.0 from any version of | |||
| TLS MUST NOT be permitted. | TLS MUST NOT be permitted. | |||
| Any other version of TLS is more secure then TLSv1.0. TLSv1.0 can be | Any other version of TLS is more secure than TLSv1.0. TLSv1.0 can be | |||
| configured to prevent interception, though using the highest version | configured to prevent interception, though using the highest version | |||
| available is preferable. | available is preferable. | |||
| Pragmatically, clients MUST NOT send a ClientHello with | Pragmatically, clients MUST NOT send a ClientHello with | |||
| ClientHello.client_version set to {03,01}. Similarly, servers MUST | ClientHello.client_version set to {03,01}. Similarly, servers MUST | |||
| NOT send a ServerHello with ServerHello.server_version set to | NOT send a ServerHello with ServerHello.server_version set to | |||
| {03,01}. Any party receiving a Hello message with the protocol | {03,01}. Any party receiving a Hello message with the protocol | |||
| version set to {03,01} MUST respond with a "protocol_version" alert | version set to {03,01} MUST respond with a "protocol_version" alert | |||
| message and close the connection. | message and close the connection. | |||
| Historically, TLS specifications were not clear on what the record | Historically, TLS specifications were not clear on what the record | |||
| layer version number (TLSPlaintext.version) could contain when | layer version number (TLSPlaintext.version) could contain when | |||
| sending ClientHello. Appendix E of [RFC5246] notes that | sending ClientHello. Appendix E of [RFC5246] notes that | |||
| TLSPlaintext.version could be selected to maximize interoperability, | TLSPlaintext.version could be selected to maximize interoperability, | |||
| though no definitive value is identified as ideal. That guidance is | though no definitive value is identified as ideal. That guidance is | |||
| still applicable; therefore, TLS servers MUST accept any value | still applicable; therefore, TLS servers MUST accept any value | |||
| {03,XX} (including {03,00}) as the record layer version number for | {03,XX} (including {03,00}) as the record layer version number for | |||
| ClientHello, but they MUST NOT negotiate TLSv1.0. | ClientHello, but they MUST NOT negotiate TLSv1.0. | |||
| [[Text here is derived (or stolen:-) from [RFC7568]]] | 5. Do Not Use TLSv1.1 | |||
| 7. Do Not Use TLSv1.1 | ||||
| TLSv1.1 MUST NOT be used. Negotiation of TLSv1.1 from any version of | TLSv1.1 MUST NOT be used. Negotiation of TLSv1.1 from any version of | |||
| TLS MUST NOT be permitted. | TLS MUST NOT be permitted. | |||
| Pragmatically, clients MUST NOT send a ClientHello with | Pragmatically, clients MUST NOT send a ClientHello with | |||
| ClientHello.client_version set to {03,02}. Similarly, servers MUST | ClientHello.client_version set to {03,02}. Similarly, servers MUST | |||
| NOT send a ServerHello with ServerHello.server_version set to | NOT send a ServerHello with ServerHello.server_version set to | |||
| {03,02}. Any party receiving a Hello message with the protocol | {03,02}. Any party receiving a Hello message with the protocol | |||
| version set to {03,02} MUST respond with a "protocol_version" alert | version set to {03,02} MUST respond with a "protocol_version" alert | |||
| message and close the connection. | message and close the connection. | |||
| Any newer version of TLS is more secure then TLSv1.1. TLSv1.1 can be | Any newer version of TLS is more secure than TLSv1.1. TLSv1.1 can be | |||
| configured to prevent interception, though using the highest version | configured to prevent interception, though using the highest version | |||
| available is preferable. Support for TLSv1.1 is dwindling in | available is preferable. Support for TLSv1.1 is dwindling in | |||
| libraries and will impact security going forward if mitigations for | libraries and will impact security going forward if mitigations for | |||
| attacks cannot be easily addressed and supported in older libraries. | attacks cannot be easily addressed and supported in older libraries. | |||
| Historically, TLS specifications were not clear on what the record | Historically, TLS specifications were not clear on what the record | |||
| layer version number (TLSPlaintext.version) could contain when | layer version number (TLSPlaintext.version) could contain when | |||
| sending ClientHello. Appendix E of [RFC5246] notes that | sending ClientHello. Appendix E of [RFC5246] notes that | |||
| TLSPlaintext.version could be selected to maximize interoperability, | TLSPlaintext.version could be selected to maximize interoperability, | |||
| though no definitive value is identified as ideal. That guidance is | though no definitive value is identified as ideal. That guidance is | |||
| still applicable; therefore, TLS servers MUST accept any value | still applicable; therefore, TLS servers MUST accept any value | |||
| {03,XX} (including {03,00}) as the record layer version number for | {03,XX} (including {03,00}) as the record layer version number for | |||
| ClientHello, but they MUST NOT negotiate TLSv1.1. | ClientHello, but they MUST NOT negotiate TLSv1.1. | |||
| 8. Do Not Use SHA-1 in TLSv1.2 | 6. Updates to RFC7525 | |||
| [[This section was suggested in PR#2 for the pre-WG draft repo by | ||||
| Hubert Kario. We're not clear if the WG would like this draft to | ||||
| include this or not, so will ask the TLS WG at the appropriate | ||||
| time.]] | ||||
| SHA-1 as a signature hash MUST NOT be used. That means that clients | ||||
| MUST send signature_algorithms extension and that extension MUST NOT | ||||
| include pairs that include SHA-1 hash. In particular, values {2, 1}, | ||||
| {2, 2} and {2, 3} MUST NOT be present in the extension. | ||||
| Note: this does not affect cipher suites that use SHA-1 HMAC for data | ||||
| integrity as the HMAC construction is still considered secure and | ||||
| when they are used in TLSv1.2 SHA-256 is used for handshake | ||||
| integrity. | ||||
| 9. Updates to RFC7525 | ||||
| [[Since RFC7525 is BCP195, there'll probably be some process-fun to | ||||
| do an update of that. Formally, it may be that this document becomes | ||||
| a new part of BCP195 I guess, but we can figure that out with chairs | ||||
| and ADs.]] | ||||
| This documents updates [RFC7525] Section 3.1.1 changing SHOULD NOT to | This documents updates [RFC7525] Section 3.1.1 changing SHOULD NOT to | |||
| MUST NOT as follows: | MUST NOT as follows: | |||
| o Implementations MUST NOT negotiate TLS version 1.0 [RFC2246]. | o Implementations MUST NOT negotiate TLS version 1.0 [RFC2246]. | |||
| Rationale: TLS 1.0 (published in 1999) does not support many | Rationale: TLS 1.0 (published in 1999) does not support many | |||
| modern, strong cipher suites. In addition, TLS 1.0 lacks a per- | modern, strong cipher suites. In addition, TLS 1.0 lacks a per- | |||
| record Initialization Vector (IV) for CBC-based cipher suites and | record Initialization Vector (IV) for CBC-based cipher suites and | |||
| does not warn against common padding errors. | does not warn against common padding errors. | |||
| skipping to change at page 10, line 9 ¶ | skipping to change at page 7, line 33 ¶ | |||
| over TLS 1.0 but still does not support certain stronger cipher | over TLS 1.0 but still does not support certain stronger cipher | |||
| suites. | suites. | |||
| This documents updates [RFC7525] Section 3.1.2 changing SHOULD NOT to | This documents updates [RFC7525] Section 3.1.2 changing SHOULD NOT to | |||
| MUST NOT as follows: | MUST NOT as follows: | |||
| o Implementations MUST NOT negotiate DTLS version 1.0 [RFC4347]. | o Implementations MUST NOT negotiate DTLS version 1.0 [RFC4347]. | |||
| Version 1.0 of DTLS correlates to version 1.1 of TLS (see above). | Version 1.0 of DTLS correlates to version 1.1 of TLS (see above). | |||
| 10. Security Considerations | 7. Security Considerations | |||
| This document deprecates two older protocol versions for security | This document deprecates two older protocol versions for security | |||
| reasons already described. The attack surface is reduced when there | reasons already described. The attack surface is reduced when there | |||
| are a smaller number of supported protocols and fallback options are | are a smaller number of supported protocols and fallback options are | |||
| removed. | removed. | |||
| 11. Acknowledgements | 8. Acknowledgements | |||
| Thanks to those that provided usage data, reviewed and/or improved | Thanks to those that provided usage data, reviewed and/or improved | |||
| this document, including: David Benjamin, David Black, Viktor | this document, including: David Benjamin, David Black, Viktor | |||
| Dukhovni, Alessandro Ghedini, Jeremy Harris, Russ Housley, Hubert | Dukhovni, Alessandro Ghedini, Jeremy Harris, Russ Housley, Hubert | |||
| Kario, Loganaden Velvindron, Eric Mill, Yoav Nir, Andrei Popov, Eric | Kario, Loganaden Velvindron, Eric Mill, Yoav Nir, Andrei Popov, Eric | |||
| Rescorla, Yaron Sheffer, and Jakub Wilk. | Rescorla, Yaron Sheffer, https://github.com/yaleman, and Jakub Wilk. | |||
| 12. IANA Considerations | 9. IANA Considerations | |||
| [[This memo includes no request to IANA.]] | [[This memo includes no request to IANA.]] | |||
| 13. References | 10. References | |||
| 13.1. Normative References | 10.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", | [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", | |||
| RFC 2246, DOI 10.17487/RFC2246, January 1999, | RFC 2246, DOI 10.17487/RFC2246, January 1999, | |||
| <https://www.rfc-editor.org/info/rfc2246>. | <https://www.rfc-editor.org/info/rfc2246>. | |||
| [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, | ||||
| A., Peterson, J., Sparks, R., Handley, M., and E. | ||||
| Schooler, "SIP: Session Initiation Protocol", RFC 3261, | ||||
| DOI 10.17487/RFC3261, June 2002, | ||||
| <https://www.rfc-editor.org/info/rfc3261>. | ||||
| [RFC3329] Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., and T. | ||||
| Haukka, "Security Mechanism Agreement for the Session | ||||
| Initiation Protocol (SIP)", RFC 3329, | ||||
| DOI 10.17487/RFC3329, January 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3329>. | ||||
| [RFC3436] Jungmaier, A., Rescorla, E., and M. Tuexen, "Transport | ||||
| Layer Security over Stream Control Transmission Protocol", | ||||
| RFC 3436, DOI 10.17487/RFC3436, December 2002, | ||||
| <https://www.rfc-editor.org/info/rfc3436>. | ||||
| [RFC3470] Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for | ||||
| the Use of Extensible Markup Language (XML) within IETF | ||||
| Protocols", BCP 70, RFC 3470, DOI 10.17487/RFC3470, | ||||
| January 2003, <https://www.rfc-editor.org/info/rfc3470>. | ||||
| [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION | ||||
| 4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3501>. | ||||
| [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC | ||||
| Text on Security Considerations", BCP 72, RFC 3552, | ||||
| DOI 10.17487/RFC3552, July 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3552>. | ||||
| [RFC3568] Barbir, A., Cain, B., Nair, R., and O. Spatscheck, "Known | ||||
| Content Network (CN) Request-Routing Mechanisms", | ||||
| RFC 3568, DOI 10.17487/RFC3568, July 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3568>. | ||||
| [RFC3656] Siemborski, R., "The Mailbox Update (MUPDATE) Distributed | ||||
| Mailbox Database Protocol", RFC 3656, | ||||
| DOI 10.17487/RFC3656, December 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3656>. | ||||
| [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol | ||||
| Compression Methods", RFC 3749, DOI 10.17487/RFC3749, May | ||||
| 2004, <https://www.rfc-editor.org/info/rfc3749>. | ||||
| [RFC3767] Farrell, S., Ed., "Securely Available Credentials | ||||
| Protocol", RFC 3767, DOI 10.17487/RFC3767, June 2004, | ||||
| <https://www.rfc-editor.org/info/rfc3767>. | ||||
| [RFC3856] Rosenberg, J., "A Presence Event Package for the Session | ||||
| Initiation Protocol (SIP)", RFC 3856, | ||||
| DOI 10.17487/RFC3856, August 2004, | ||||
| <https://www.rfc-editor.org/info/rfc3856>. | ||||
| [RFC3871] Jones, G., Ed., "Operational Security Requirements for | ||||
| Large Internet Service Provider (ISP) IP Network | ||||
| Infrastructure", RFC 3871, DOI 10.17487/RFC3871, September | ||||
| 2004, <https://www.rfc-editor.org/info/rfc3871>. | ||||
| [RFC3887] Hansen, T., "Message Tracking Query Protocol", RFC 3887, | ||||
| DOI 10.17487/RFC3887, September 2004, | ||||
| <https://www.rfc-editor.org/info/rfc3887>. | ||||
| [RFC3903] Niemi, A., Ed., "Session Initiation Protocol (SIP) | ||||
| Extension for Event State Publication", RFC 3903, | ||||
| DOI 10.17487/RFC3903, October 2004, | ||||
| <https://www.rfc-editor.org/info/rfc3903>. | ||||
| [RFC3943] Friend, R., "Transport Layer Security (TLS) Protocol | ||||
| Compression Using Lempel-Ziv-Stac (LZS)", RFC 3943, | ||||
| DOI 10.17487/RFC3943, November 2004, | ||||
| <https://www.rfc-editor.org/info/rfc3943>. | ||||
| [RFC3983] Newton, A. and M. Sanz, "Using the Internet Registry | ||||
| Information Service (IRIS) over the Blocks Extensible | ||||
| Exchange Protocol (BEEP)", RFC 3983, DOI 10.17487/RFC3983, | ||||
| January 2005, <https://www.rfc-editor.org/info/rfc3983>. | ||||
| [RFC4097] Barnes, M., Ed., "Middlebox Communications (MIDCOM) | ||||
| Protocol Evaluation", RFC 4097, DOI 10.17487/RFC4097, June | ||||
| 2005, <https://www.rfc-editor.org/info/rfc4097>. | ||||
| [RFC4111] Fang, L., Ed., "Security Framework for Provider- | ||||
| Provisioned Virtual Private Networks (PPVPNs)", RFC 4111, | ||||
| DOI 10.17487/RFC4111, July 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4111>. | ||||
| [RFC4162] Lee, H., Yoon, J., and J. Lee, "Addition of SEED Cipher | ||||
| Suites to Transport Layer Security (TLS)", RFC 4162, | ||||
| DOI 10.17487/RFC4162, August 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4162>. | ||||
| [RFC4168] Rosenberg, J., Schulzrinne, H., and G. Camarillo, "The | ||||
| Stream Control Transmission Protocol (SCTP) as a Transport | ||||
| for the Session Initiation Protocol (SIP)", RFC 4168, | ||||
| DOI 10.17487/RFC4168, October 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4168>. | ||||
| [RFC4217] Ford-Hutchinson, P., "Securing FTP with TLS", RFC 4217, | ||||
| DOI 10.17487/RFC4217, October 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4217>. | ||||
| [RFC4235] Rosenberg, J., Schulzrinne, H., and R. Mahy, Ed., "An | ||||
| INVITE-Initiated Dialog Event Package for the Session | ||||
| Initiation Protocol (SIP)", RFC 4235, | ||||
| DOI 10.17487/RFC4235, November 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4235>. | ||||
| [RFC4261] Walker, J. and A. Kulkarni, Ed., "Common Open Policy | ||||
| Service (COPS) Over Transport Layer Security (TLS)", | ||||
| RFC 4261, DOI 10.17487/RFC4261, December 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4261>. | ||||
| [RFC4279] Eronen, P., Ed. and H. Tschofenig, Ed., "Pre-Shared Key | ||||
| Ciphersuites for Transport Layer Security (TLS)", | ||||
| RFC 4279, DOI 10.17487/RFC4279, December 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4279>. | ||||
| [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.1", RFC 4346, | (TLS) Protocol Version 1.1", RFC 4346, | |||
| DOI 10.17487/RFC4346, April 2006, | DOI 10.17487/RFC4346, April 2006, | |||
| <https://www.rfc-editor.org/info/rfc4346>. | <https://www.rfc-editor.org/info/rfc4346>. | |||
| [RFC4497] Elwell, J., Derks, F., Mourot, P., and O. Rousseau, | ||||
| "Interworking between the Session Initiation Protocol | ||||
| (SIP) and QSIG", BCP 117, RFC 4497, DOI 10.17487/RFC4497, | ||||
| May 2006, <https://www.rfc-editor.org/info/rfc4497>. | ||||
| [RFC4513] Harrison, R., Ed., "Lightweight Directory Access Protocol | ||||
| (LDAP): Authentication Methods and Security Mechanisms", | ||||
| RFC 4513, DOI 10.17487/RFC4513, June 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4513>. | ||||
| [RFC4531] Zeilenga, K., "Lightweight Directory Access Protocol | ||||
| (LDAP) Turn Operation", RFC 4531, DOI 10.17487/RFC4531, | ||||
| June 2006, <https://www.rfc-editor.org/info/rfc4531>. | ||||
| [RFC4540] Stiemerling, M., Quittek, J., and C. Cadar, "NEC's Simple | ||||
| Middlebox Configuration (SIMCO) Protocol Version 3.0", | ||||
| RFC 4540, DOI 10.17487/RFC4540, May 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4540>. | ||||
| [RFC4582] Camarillo, G., Ott, J., and K. Drage, "The Binary Floor | ||||
| Control Protocol (BFCP)", RFC 4582, DOI 10.17487/RFC4582, | ||||
| November 2006, <https://www.rfc-editor.org/info/rfc4582>. | ||||
| [RFC4616] Zeilenga, K., Ed., "The PLAIN Simple Authentication and | ||||
| Security Layer (SASL) Mechanism", RFC 4616, | ||||
| DOI 10.17487/RFC4616, August 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4616>. | ||||
| [RFC4642] Murchison, K., Vinocur, J., and C. Newman, "Using | ||||
| Transport Layer Security (TLS) with Network News Transfer | ||||
| Protocol (NNTP)", RFC 4642, DOI 10.17487/RFC4642, October | ||||
| 2006, <https://www.rfc-editor.org/info/rfc4642>. | ||||
| [RFC4680] Santesson, S., "TLS Handshake Message for Supplemental | ||||
| Data", RFC 4680, DOI 10.17487/RFC4680, October 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4680>. | ||||
| [RFC4681] Santesson, S., Medvinsky, A., and J. Ball, "TLS User | ||||
| Mapping Extension", RFC 4681, DOI 10.17487/RFC4681, | ||||
| October 2006, <https://www.rfc-editor.org/info/rfc4681>. | ||||
| [RFC4712] Siddiqui, A., Romascanu, D., Golovinsky, E., Rahman, M., | ||||
| and Y. Kim, "Transport Mappings for Real-time Application | ||||
| Quality-of-Service Monitoring (RAQMON) Protocol Data Unit | ||||
| (PDU)", RFC 4712, DOI 10.17487/RFC4712, October 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4712>. | ||||
| [RFC4732] Handley, M., Ed., Rescorla, E., Ed., and IAB, "Internet | ||||
| Denial-of-Service Considerations", RFC 4732, | ||||
| DOI 10.17487/RFC4732, December 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4732>. | ||||
| [RFC4743] Goddard, T., "Using NETCONF over the Simple Object Access | ||||
| Protocol (SOAP)", RFC 4743, DOI 10.17487/RFC4743, December | ||||
| 2006, <https://www.rfc-editor.org/info/rfc4743>. | ||||
| [RFC4744] Lear, E. and K. Crozier, "Using the NETCONF Protocol over | ||||
| the Blocks Extensible Exchange Protocol (BEEP)", RFC 4744, | ||||
| DOI 10.17487/RFC4744, December 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4744>. | ||||
| [RFC4785] Blumenthal, U. and P. Goel, "Pre-Shared Key (PSK) | ||||
| Ciphersuites with NULL Encryption for Transport Layer | ||||
| Security (TLS)", RFC 4785, DOI 10.17487/RFC4785, January | ||||
| 2007, <https://www.rfc-editor.org/info/rfc4785>. | ||||
| [RFC4791] Daboo, C., Desruisseaux, B., and L. Dusseault, | ||||
| "Calendaring Extensions to WebDAV (CalDAV)", RFC 4791, | ||||
| DOI 10.17487/RFC4791, March 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4791>. | ||||
| [RFC4823] Harding, T. and R. Scott, "FTP Transport for Secure Peer- | ||||
| to-Peer Business Data Interchange over the Internet", | ||||
| RFC 4823, DOI 10.17487/RFC4823, April 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4823>. | ||||
| [RFC4851] Cam-Winget, N., McGrew, D., Salowey, J., and H. Zhou, "The | ||||
| Flexible Authentication via Secure Tunneling Extensible | ||||
| Authentication Protocol Method (EAP-FAST)", RFC 4851, | ||||
| DOI 10.17487/RFC4851, May 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4851>. | ||||
| [RFC4964] Allen, A., Ed., Holm, J., and T. Hallin, "The P-Answer- | ||||
| State Header Extension to the Session Initiation Protocol | ||||
| for the Open Mobile Alliance Push to Talk over Cellular", | ||||
| RFC 4964, DOI 10.17487/RFC4964, September 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4964>. | ||||
| [RFC4975] Campbell, B., Ed., Mahy, R., Ed., and C. Jennings, Ed., | ||||
| "The Message Session Relay Protocol (MSRP)", RFC 4975, | ||||
| DOI 10.17487/RFC4975, September 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4975>. | ||||
| [RFC4976] Jennings, C., Mahy, R., and A. Roach, "Relay Extensions | ||||
| for the Message Sessions Relay Protocol (MSRP)", RFC 4976, | ||||
| DOI 10.17487/RFC4976, September 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4976>. | ||||
| [RFC4992] Newton, A., "XML Pipelining with Chunks for the Internet | ||||
| Registry Information Service", RFC 4992, | ||||
| DOI 10.17487/RFC4992, August 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4992>. | ||||
| [RFC5018] Camarillo, G., "Connection Establishment in the Binary | ||||
| Floor Control Protocol (BFCP)", RFC 5018, | ||||
| DOI 10.17487/RFC5018, September 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5018>. | ||||
| [RFC5019] Deacon, A. and R. Hurst, "The Lightweight Online | ||||
| Certificate Status Protocol (OCSP) Profile for High-Volume | ||||
| Environments", RFC 5019, DOI 10.17487/RFC5019, September | ||||
| 2007, <https://www.rfc-editor.org/info/rfc5019>. | ||||
| [RFC5023] Gregorio, J., Ed. and B. de hOra, Ed., "The Atom | ||||
| Publishing Protocol", RFC 5023, DOI 10.17487/RFC5023, | ||||
| October 2007, <https://www.rfc-editor.org/info/rfc5023>. | ||||
| [RFC5024] Friend, I., "ODETTE File Transfer Protocol 2.0", RFC 5024, | ||||
| DOI 10.17487/RFC5024, November 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5024>. | ||||
| [RFC5049] Bormann, C., Liu, Z., Price, R., and G. Camarillo, Ed., | ||||
| "Applying Signaling Compression (SigComp) to the Session | ||||
| Initiation Protocol (SIP)", RFC 5049, | ||||
| DOI 10.17487/RFC5049, December 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5049>. | ||||
| [RFC5054] Taylor, D., Wu, T., Mavrogiannopoulos, N., and T. Perrin, | ||||
| "Using the Secure Remote Password (SRP) Protocol for TLS | ||||
| Authentication", RFC 5054, DOI 10.17487/RFC5054, November | ||||
| 2007, <https://www.rfc-editor.org/info/rfc5054>. | ||||
| [RFC5091] Boyen, X. and L. Martin, "Identity-Based Cryptography | ||||
| Standard (IBCS) #1: Supersingular Curve Implementations of | ||||
| the BF and BB1 Cryptosystems", RFC 5091, | ||||
| DOI 10.17487/RFC5091, December 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5091>. | ||||
| [RFC5158] Huston, G., "6to4 Reverse DNS Delegation Specification", | ||||
| RFC 5158, DOI 10.17487/RFC5158, March 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5158>. | ||||
| [RFC5216] Simon, D., Aboba, B., and R. Hurst, "The EAP-TLS | ||||
| Authentication Protocol", RFC 5216, DOI 10.17487/RFC5216, | ||||
| March 2008, <https://www.rfc-editor.org/info/rfc5216>. | ||||
| [RFC5238] Phelan, T., "Datagram Transport Layer Security (DTLS) over | ||||
| the Datagram Congestion Control Protocol (DCCP)", | ||||
| RFC 5238, DOI 10.17487/RFC5238, May 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5238>. | ||||
| [RFC5263] Lonnfors, M., Costa-Requena, J., Leppanen, E., and H. | ||||
| Khartabil, "Session Initiation Protocol (SIP) Extension | ||||
| for Partial Notification of Presence Information", | ||||
| RFC 5263, DOI 10.17487/RFC5263, September 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5263>. | ||||
| [RFC5281] Funk, P. and S. Blake-Wilson, "Extensible Authentication | ||||
| Protocol Tunneled Transport Layer Security Authenticated | ||||
| Protocol Version 0 (EAP-TTLSv0)", RFC 5281, | ||||
| DOI 10.17487/RFC5281, August 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5281>. | ||||
| [RFC5364] Garcia-Martin, M. and G. Camarillo, "Extensible Markup | ||||
| Language (XML) Format Extension for Representing Copy | ||||
| Control Attributes in Resource Lists", RFC 5364, | ||||
| DOI 10.17487/RFC5364, October 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5364>. | ||||
| [RFC5422] Cam-Winget, N., McGrew, D., Salowey, J., and H. Zhou, | ||||
| "Dynamic Provisioning Using Flexible Authentication via | ||||
| Secure Tunneling Extensible Authentication Protocol (EAP- | ||||
| FAST)", RFC 5422, DOI 10.17487/RFC5422, March 2009, | ||||
| <https://www.rfc-editor.org/info/rfc5422>. | ||||
| [RFC5469] Eronen, P., Ed., "DES and IDEA Cipher Suites for Transport | ||||
| Layer Security (TLS)", RFC 5469, DOI 10.17487/RFC5469, | ||||
| February 2009, <https://www.rfc-editor.org/info/rfc5469>. | ||||
| [RFC5734] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) | ||||
| Transport over TCP", STD 69, RFC 5734, | ||||
| DOI 10.17487/RFC5734, August 2009, | ||||
| <https://www.rfc-editor.org/info/rfc5734>. | ||||
| [RFC5878] Brown, M. and R. Housley, "Transport Layer Security (TLS) | ||||
| Authorization Extensions", RFC 5878, DOI 10.17487/RFC5878, | ||||
| May 2010, <https://www.rfc-editor.org/info/rfc5878>. | ||||
| [RFC6042] Keromytis, A., "Transport Layer Security (TLS) | ||||
| Authorization Using KeyNote", RFC 6042, | ||||
| DOI 10.17487/RFC6042, October 2010, | ||||
| <https://www.rfc-editor.org/info/rfc6042>. | ||||
| [RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer | ||||
| (SSL) Version 2.0", RFC 6176, DOI 10.17487/RFC6176, March | ||||
| 2011, <https://www.rfc-editor.org/info/rfc6176>. | ||||
| [RFC6367] Kanno, S. and M. Kanda, "Addition of the Camellia Cipher | ||||
| Suites to Transport Layer Security (TLS)", RFC 6367, | ||||
| DOI 10.17487/RFC6367, September 2011, | ||||
| <https://www.rfc-editor.org/info/rfc6367>. | ||||
| [RFC6739] Schulzrinne, H. and H. Tschofenig, "Synchronizing Service | ||||
| Boundaries and <mapping> Elements Based on the Location- | ||||
| to-Service Translation (LoST) Protocol", RFC 6739, | ||||
| DOI 10.17487/RFC6739, October 2012, | ||||
| <https://www.rfc-editor.org/info/rfc6739>. | ||||
| [RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", | ||||
| RFC 6749, DOI 10.17487/RFC6749, October 2012, | ||||
| <https://www.rfc-editor.org/info/rfc6749>. | ||||
| [RFC6750] Jones, M. and D. Hardt, "The OAuth 2.0 Authorization | ||||
| Framework: Bearer Token Usage", RFC 6750, | ||||
| DOI 10.17487/RFC6750, October 2012, | ||||
| <https://www.rfc-editor.org/info/rfc6750>. | ||||
| [RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed., | ||||
| "Enrollment over Secure Transport", RFC 7030, | ||||
| DOI 10.17487/RFC7030, October 2013, | ||||
| <https://www.rfc-editor.org/info/rfc7030>. | ||||
| [RFC7255] Allen, A., Ed., "Using the International Mobile station | ||||
| Equipment Identity (IMEI) Uniform Resource Name (URN) as | ||||
| an Instance ID", RFC 7255, DOI 10.17487/RFC7255, May 2014, | ||||
| <https://www.rfc-editor.org/info/rfc7255>. | ||||
| [RFC7465] Popov, A., "Prohibiting RC4 Cipher Suites", RFC 7465, | ||||
| DOI 10.17487/RFC7465, February 2015, | ||||
| <https://www.rfc-editor.org/info/rfc7465>. | ||||
| [RFC7507] Moeller, B. and A. Langley, "TLS Fallback Signaling Cipher | ||||
| Suite Value (SCSV) for Preventing Protocol Downgrade | ||||
| Attacks", RFC 7507, DOI 10.17487/RFC7507, April 2015, | ||||
| <https://www.rfc-editor.org/info/rfc7507>. | ||||
| [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | |||
| "Recommendations for Secure Use of Transport Layer | "Recommendations for Secure Use of Transport Layer | |||
| Security (TLS) and Datagram Transport Layer Security | Security (TLS) and Datagram Transport Layer Security | |||
| (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May | (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May | |||
| 2015, <https://www.rfc-editor.org/info/rfc7525>. | 2015, <https://www.rfc-editor.org/info/rfc7525>. | |||
| [RFC7562] Thakore, D., "Transport Layer Security (TLS) Authorization | ||||
| Using Digital Transmission Content Protection (DTCP) | ||||
| Certificates", RFC 7562, DOI 10.17487/RFC7562, July 2015, | ||||
| <https://www.rfc-editor.org/info/rfc7562>. | ||||
| [RFC7568] Barnes, R., Thomson, M., Pironti, A., and A. Langley, | ||||
| "Deprecating Secure Sockets Layer Version 3.0", RFC 7568, | ||||
| DOI 10.17487/RFC7568, June 2015, | ||||
| <https://www.rfc-editor.org/info/rfc7568>. | ||||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 13.2. Informative References | [RFC8422] Nir, Y., Josefsson, S., and M. Pegourie-Gonnard, "Elliptic | |||
| Curve Cryptography (ECC) Cipher Suites for Transport Layer | ||||
| Security (TLS) Versions 1.2 and Earlier", RFC 8422, | ||||
| DOI 10.17487/RFC8422, August 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8422>. | ||||
| [Amazon] Amazon, "Amazon Elastic Load Balancing Support Deprecated | [RFC8465] Atarius, R., Ed., "Using the Mobile Equipment Identity | |||
| TLSv1.0 and TLSv1.1 https://aws.amazon.com/about-aws/ | (MEID) URN as an Instance ID", RFC 8465, | |||
| whats-new/2017/02/elastic-load-balancing-support-for-tls- | DOI 10.17487/RFC8465, September 2018, | |||
| 1-1-and-tls-1-2-pre-defined-security-policies/", 2017. | <https://www.rfc-editor.org/info/rfc8465>. | |||
| 10.2. Informative References | ||||
| [Bhargavan2016] | [Bhargavan2016] | |||
| Bhargavan, K. and G. Leuren, "Transcript Collision | Bhargavan, K. and G. Leuren, "Transcript Collision | |||
| Attacks: Breaking Authentication in TLS, IKE, and SSH | Attacks: Breaking Authentication in TLS, IKE, and SSH | |||
| https://www.mitls.org/downloads/ | https://www.mitls.org/downloads/ | |||
| transcript-collisions.pdf", 2016. | transcript-collisions.pdf", 2016. | |||
| [Canada] Treasury Board of Canada Secretariat, "Implementing HTTPS | [Canada] Treasury Board of Canada Secretariat, "Implementing HTTPS | |||
| for Secure Web Connections: Information Technology Policy | for Secure Web Connections: Information Technology Policy | |||
| Implementation Notice (ITPIN)", June 2018, | Implementation Notice (ITPIN)", June 2018, | |||
| <https://www.canada.ca/en/treasury-board- | <https://www.canada.ca/en/treasury-board- | |||
| secretariat/services/information-technology/ | secretariat/services/information-technology/ | |||
| policy-implementation-notices/ | policy-implementation-notices/ | |||
| implementing-https-secure-web-connections-itpin.html>. | implementing-https-secure-web-connections-itpin.html>. | |||
| [CloudFlare] | ||||
| CloudFlare, "CloudFlare Deprecated TLSv1.0 and TLSv1.1 | ||||
| https://blog.cloudflare.com/deprecating-old-tls-versions- | ||||
| on-cloudflare-dashboard-and-api/", 2018. | ||||
| [Digicert] | ||||
| Digicert, "Deprecating TLS 1.0 and 1.1 | ||||
| https://www.digicert.com/blog/ | ||||
| depreciating-tls-1-0-and-1-1/", 2018. | ||||
| [GIT] GitHub, "GitHub Deprecates TLSv1.0 and TLSv1.1 | ||||
| https://githubengineering.com/crypto-removal-notice/", | ||||
| 2018. | ||||
| [KeyCDN] KeyCDN, "Deprecating TLS 1.0 and 1.1 Enhancing Security | ||||
| for Everyone | ||||
| https://www.keycdn.com/blog/deprecating-tls-1-0-and-1-1/", | ||||
| 2018. | ||||
| [NIST800-52r2] | [NIST800-52r2] | |||
| National Institute of Standards and Technology, "NIST | National Institute of Standards and Technology, "NIST | |||
| SP800-52r2 https://csrc.nist.gov/CSRC/media/Publications/ | SP800-52r2 https://csrc.nist.gov/CSRC/media/Publications/ | |||
| sp/800-52/rev-2/draft/documents/sp800-52r2-draft.pdf", | sp/800-52/rev-2/draft/documents/sp800-52r2-draft.pdf", | |||
| 2018. | 2018. | |||
| [paypal] Paypal, ""TLS1.2 and HTTP/1.1 Upgrade" https://www.paypal- | ||||
| notice.com/en/TLS-1.2-and-HTTP1.1-Upgrade/", 2018. | ||||
| [PCI-TLS1] | [PCI-TLS1] | |||
| PCI Security Standards Council, "Migrating from SSL and | PCI Security Standards Council, "Migrating from SSL and | |||
| Early TLS https://www.pcisecuritystandards.org/documents/ | Early TLS https://www.pcisecuritystandards.org/documents/ | |||
| Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf", 2016. | Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf", 2016. | |||
| [RFC3316] Arkko, J., Kuijpers, G., Soliman, H., Loughney, J., and J. | ||||
| Wiljakka, "Internet Protocol Version 6 (IPv6) for Some | ||||
| Second and Third Generation Cellular Hosts", RFC 3316, | ||||
| DOI 10.17487/RFC3316, April 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3316>. | ||||
| [RFC3489] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, | ||||
| "STUN - Simple Traversal of User Datagram Protocol (UDP) | ||||
| Through Network Address Translators (NATs)", RFC 3489, | ||||
| DOI 10.17487/RFC3489, March 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3489>. | ||||
| [RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., | ||||
| and T. Wright, "Transport Layer Security (TLS) | ||||
| Extensions", RFC 3546, DOI 10.17487/RFC3546, June 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3546>. | ||||
| [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. | ||||
| Arkko, "Diameter Base Protocol", RFC 3588, | ||||
| DOI 10.17487/RFC3588, September 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3588>. | ||||
| [RFC3734] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) | ||||
| Transport Over TCP", RFC 3734, DOI 10.17487/RFC3734, March | ||||
| 2004, <https://www.rfc-editor.org/info/rfc3734>. | ||||
| [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence | ||||
| Protocol (XMPP): Core", RFC 3920, DOI 10.17487/RFC3920, | ||||
| October 2004, <https://www.rfc-editor.org/info/rfc3920>. | ||||
| [RFC4132] Moriai, S., Kato, A., and M. Kanda, "Addition of Camellia | ||||
| Cipher Suites to Transport Layer Security (TLS)", | ||||
| RFC 4132, DOI 10.17487/RFC4132, July 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4132>. | ||||
| [RFC4244] Barnes, M., Ed., "An Extension to the Session Initiation | ||||
| Protocol (SIP) for Request History Information", RFC 4244, | ||||
| DOI 10.17487/RFC4244, November 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4244>. | ||||
| [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | |||
| Security", RFC 4347, DOI 10.17487/RFC4347, April 2006, | Security", RFC 4347, DOI 10.17487/RFC4347, April 2006, | |||
| <https://www.rfc-editor.org/info/rfc4347>. | <https://www.rfc-editor.org/info/rfc4347>. | |||
| [RFC4366] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., | ||||
| and T. Wright, "Transport Layer Security (TLS) | ||||
| Extensions", RFC 4366, DOI 10.17487/RFC4366, April 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4366>. | ||||
| [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B. | ||||
| Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites | ||||
| for Transport Layer Security (TLS)", RFC 4492, | ||||
| DOI 10.17487/RFC4492, May 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4492>. | ||||
| [RFC4507] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, | ||||
| "Transport Layer Security (TLS) Session Resumption without | ||||
| Server-Side State", RFC 4507, DOI 10.17487/RFC4507, May | ||||
| 2006, <https://www.rfc-editor.org/info/rfc4507>. | ||||
| [RFC4572] Lennox, J., "Connection-Oriented Media Transport over the | ||||
| Transport Layer Security (TLS) Protocol in the Session | ||||
| Description Protocol (SDP)", RFC 4572, | ||||
| DOI 10.17487/RFC4572, July 2006, | ||||
| <https://www.rfc-editor.org/info/rfc4572>. | ||||
| [RFC4934] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) | ||||
| Transport Over TCP", RFC 4934, DOI 10.17487/RFC4934, May | ||||
| 2007, <https://www.rfc-editor.org/info/rfc4934>. | ||||
| [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, | ||||
| "Transport Layer Security (TLS) Session Resumption without | ||||
| Server-Side State", RFC 5077, DOI 10.17487/RFC5077, | ||||
| January 2008, <https://www.rfc-editor.org/info/rfc5077>. | ||||
| [RFC5081] Mavrogiannopoulos, N., "Using OpenPGP Keys for Transport | ||||
| Layer Security (TLS) Authentication", RFC 5081, | ||||
| DOI 10.17487/RFC5081, November 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5081>. | ||||
| [RFC5101] Claise, B., Ed., "Specification of the IP Flow Information | ||||
| Export (IPFIX) Protocol for the Exchange of IP Traffic | ||||
| Flow Information", RFC 5101, DOI 10.17487/RFC5101, January | ||||
| 2008, <https://www.rfc-editor.org/info/rfc5101>. | ||||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.2", RFC 5246, | (TLS) Protocol Version 1.2", RFC 5246, | |||
| DOI 10.17487/RFC5246, August 2008, | DOI 10.17487/RFC5246, August 2008, | |||
| <https://www.rfc-editor.org/info/rfc5246>. | <https://www.rfc-editor.org/info/rfc5246>. | |||
| [RFC7457] Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing | [RFC7457] Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing | |||
| Known Attacks on Transport Layer Security (TLS) and | Known Attacks on Transport Layer Security (TLS) and | |||
| Datagram TLS (DTLS)", RFC 7457, DOI 10.17487/RFC7457, | Datagram TLS (DTLS)", RFC 7457, DOI 10.17487/RFC7457, | |||
| February 2015, <https://www.rfc-editor.org/info/rfc7457>. | February 2015, <https://www.rfc-editor.org/info/rfc7457>. | |||
| [RFC7568] Barnes, R., Thomson, M., Pironti, A., and A. Langley, | ||||
| "Deprecating Secure Sockets Layer Version 3.0", RFC 7568, | ||||
| DOI 10.17487/RFC7568, June 2015, | ||||
| <https://www.rfc-editor.org/info/rfc7568>. | ||||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC8447] Salowey, J. and S. Turner, "IANA Registry Updates for TLS | [RFC8447] Salowey, J. and S. Turner, "IANA Registry Updates for TLS | |||
| and DTLS", RFC 8447, DOI 10.17487/RFC8447, August 2018, | and DTLS", RFC 8447, DOI 10.17487/RFC8447, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8447>. | <https://www.rfc-editor.org/info/rfc8447>. | |||
| [SSLpulse] | Appendix A. Change Log | |||
| SSLpulse - will be deleted before publication, "SSLpulse | ||||
| https://www.ssllabs.com/ssl-pulse/", 2018. | ||||
| [StackExchange] | [[RFC editor: please remove this before publication.]] | |||
| StackExchange - will be deleted before publication, | ||||
| "Stackexchange | ||||
| https://security.stackexchange.com/questions/177182/is- | ||||
| there-a-list-of-old-browsers-that-only-support-tls-1-0", | ||||
| 2018. | ||||
| [stripe] Stripe, ""Upgrading to SHA-2 and TLS 1.2" | From draft-ietf-tls-oldversions-deprecate-00 to draft-ietf-tls- | |||
| https://stripe.com/blog/upgrading-tls", 2018. | oldversions-deprecate-01: | |||
| Appendix A. Change Log | o PRs with typos and similar: so far just #1 | |||
| o PR#2 noting msft browser announced deprecation (but this was OBE | ||||
| as per...) | ||||
| o Implemented actions as per IETF-103 meeting: | ||||
| [[RFC editor: please remove this before publication.]] | * Details about which RFC's, BCP's are affected were generated | |||
| using a script in the git repo: https://github.com/tlswg/ | ||||
| oldversions-deprecate/blob/master/nonobsnorms.sh | ||||
| * Removed the 'measurements' part | ||||
| * Removed SHA-1 deprecation (section 8 of -00) | ||||
| From draft-moriarty-tls-oldversions-diediedie-01 to draft-ietf-tls- | From draft-moriarty-tls-oldversions-diediedie-01 to draft-ietf-tls- | |||
| oldversions-deprecate-00: | oldversions-deprecate-00: | |||
| o I-Ds became RFCs 8446/8447 (old-repo PR#4, for TLS1.3) | o I-Ds became RFCs 8446/8447 (old-repo PR#4, for TLS1.3) | |||
| o Accepted old-repo PR#5 fixing typos | o Accepted old-repo PR#5 fixing typos | |||
| From draft-moriarty-tls-oldversions-diediedie-00 to draft-moriarty- | From draft-moriarty-tls-oldversions-diediedie-00 to draft-moriarty- | |||
| tls-oldversions-diediedie-01: | tls-oldversions-diediedie-01: | |||
| End of changes. 40 change blocks. | ||||
| 239 lines changed or deleted | 546 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||