draft-ietf-tls-oldversions-deprecate-10.txt   draft-ietf-tls-oldversions-deprecate-11.txt 
Internet Engineering Task Force K. Moriarty Internet Engineering Task Force K. Moriarty
Internet-Draft Dell EMC Internet-Draft Dell EMC
Obsoletes: 5469 7507 (if approved) S. Farrell Obsoletes: 5469 7507 (if approved) S. Farrell
Updates: 8422 8261 7568 7562 7525 7465 Trinity College Dublin Updates: 8422 8261 7568 7562 7525 7465 Trinity College Dublin
7030 6750 6749 6739 6460 6614 December 14, 2020 7030 6750 6749 6739 6460 6614 December 15, 2020
6367 6353 6347 6176 6084 6083 6367 6353 6347 6176 6084 6083
6042 6012 5953 5878 5734 5456 6042 6012 5953 5878 5734 5456
5422 5415 5364 5281 5263 5238 5422 5415 5364 5281 5263 5238
5216 5158 5091 5054 5049 5024 5216 5158 5091 5054 5049 5024
5023 5019 5018 4992 4976 4975 5023 5019 5018 4992 4976 4975
4964 4851 4823 4791 4785 4744 4964 4851 4823 4791 4785 4744
4743 4732 4712 4681 4680 4642 4743 4732 4712 4681 4680 4642
4616 4582 4540 4531 4513 4497 4616 4582 4540 4531 4513 4497
4279 4261 4235 4217 4168 4162 4279 4261 4235 4217 4168 4162
4111 4097 3983 3943 3903 3887 4111 4097 3983 3943 3903 3887
3871 3856 3767 3749 3656 3568 3871 3856 3767 3749 3656 3568
3552 3501 3470 3436 3329 3261 3552 3501 3470 3436 3329 3261
(if approved) (if approved)
Intended status: Best Current Practice Intended status: Best Current Practice
Expires: June 17, 2021 Expires: June 18, 2021
Deprecating TLSv1.0 and TLSv1.1 Deprecating TLSv1.0 and TLSv1.1
draft-ietf-tls-oldversions-deprecate-10 draft-ietf-tls-oldversions-deprecate-11
Abstract Abstract
This document, if approved, formally deprecates Transport Layer This document, if approved, formally deprecates Transport Layer
Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
Accordingly, those documents (will be moved|have been moved) to Accordingly, those documents (will be moved|have been moved) to
Historic status. These versions lack support for current and Historic status. These versions lack support for current and
recommended cryptographic algorithms and mechanisms, and various recommended cryptographic algorithms and mechanisms, and various
government and industry profiles of applications using TLS now government and industry profiles of applications using TLS now
mandate avoiding these old TLS versions. TLSv1.2 has been the mandate avoiding these old TLS versions. TLSv1.2 has been the
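Review bot: The Abstract still carries the unresolved alternation "(will be moved|have been moved)" in both -10 and -11, and nothing next to it tells the RFC Editor which wording to use. The change log has its own "[[RFC editor: please remove this before publication.]]" marker; add an equivalent note here or settle on one form. The only edits in this block are the document date (December 14 to December 15, 2020) and the expiry (June 17 to June 18, 2021), and the two shifts are consistent with each other.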
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 17, 2021. This Internet-Draft will expire on June 18, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 11 skipping to change at page 4, line 11
these older versions. Fallback to these versions are prohibited these older versions. Fallback to these versions are prohibited
through this update. Specific references to mandatory minimum through this update. Specific references to mandatory minimum
protocol versions of TLSv1.0 or TLSv1.1 are replaced by TLSv1.2, and protocol versions of TLSv1.0 or TLSv1.1 are replaced by TLSv1.2, and
references to minimum protocol version DTLSv1.0 are replaced by references to minimum protocol version DTLSv1.0 are replaced by
DTLSv1.2. Statements that "TLSv1.0 is the most widely deployed DTLSv1.2. Statements that "TLSv1.0 is the most widely deployed
version and will provide the broadest interoperability" are removed version and will provide the broadest interoperability" are removed
without replacement. without replacement.
[RFC8422] [RFC8261] [RFC7568] [RFC7562] [RFC7525] [RFC7465] [RFC7030] [RFC8422] [RFC8261] [RFC7568] [RFC7562] [RFC7525] [RFC7465] [RFC7030]
[RFC6750] [RFC6749] [RFC6739] [RFC6084] [RFC6083] [RFC6367] [RFC6353] [RFC6750] [RFC6749] [RFC6739] [RFC6084] [RFC6083] [RFC6367] [RFC6353]
[RFC6176] [RFC6042] [RFC6012] [RFC5953] [RFC5878] [RFC5734] [RFC5456] [RFC6176] [RFC6042] [RFC6012] [RFC5878] [RFC5734] [RFC5456] [RFC5422]
[RFC5422] [RFC5415] [RFC5364] [RFC5281] [RFC5263] [RFC5238] [RFC5216] [RFC5415] [RFC5364] [RFC5281] [RFC5263] [RFC5238] [RFC5216] [RFC5158]
[RFC5158] [RFC5091] [RFC5054] [RFC5049] [RFC5024] [RFC5023] [RFC5019] [RFC5091] [RFC5054] [RFC5049] [RFC5024] [RFC5023] [RFC5019] [RFC5018]
[RFC5018] [RFC4992] [RFC4976] [RFC4975] [RFC4964] [RFC4851] [RFC4823] [RFC4992] [RFC4976] [RFC4975] [RFC4964] [RFC4851] [RFC4823] [RFC4791]
[RFC4791] [RFC4785] [RFC4732] [RFC4712] [RFC4681] [RFC4680] [RFC4642] [RFC4785] [RFC4732] [RFC4712] [RFC4681] [RFC4680] [RFC4642] [RFC4616]
[RFC4616] [RFC4582] [RFC4540] [RFC4531] [RFC4513] [RFC4497] [RFC4279] [RFC4582] [RFC4540] [RFC4531] [RFC4513] [RFC4497] [RFC4279] [RFC4261]
[RFC4261] [RFC4235] [RFC4217] [RFC4168] [RFC4162] [RFC4111] [RFC4097] [RFC4235] [RFC4217] [RFC4168] [RFC4162] [RFC4111] [RFC4097] [RFC3983]
[RFC3983] [RFC3943] [RFC3903] [RFC3887] [RFC3871] [RFC3856] [RFC3767] [RFC3943] [RFC3903] [RFC3887] [RFC3871] [RFC3856] [RFC3767] [RFC3749]
[RFC3749] [RFC3656] [RFC3568] [RFC3552] [RFC3501] [RFC3470] [RFC3436] [RFC3656] [RFC3568] [RFC3552] [RFC3501] [RFC3470] [RFC3436] [RFC3329]
[RFC3329] [RFC3261] [RFC3261]
The status of [RFC7562], [RFC6042], [RFC5456], [RFC5024], [RFC4540], The status of [RFC7562], [RFC6042], [RFC5456], [RFC5024], [RFC4540],
and [RFC3656] will be updated with permission of the Independent and [RFC3656] will be updated with permission of the Independent
Stream Editor. Stream Editor.
In addition these RFCs normatively refer to TLSv1.0 or TLSv1.1 and In addition these RFCs normatively refer to TLSv1.0 or TLSv1.1 and
have already been obsoleted; they are still listed here and marked as have already been obsoleted; they are still listed here and marked as
updated by this document in order to reiterate that any usage of the updated by this document in order to reiterate that any usage of the
obsolete protocol should still use modern TLS: [RFC5101] [RFC5081] obsolete protocol should still use modern TLS: [RFC5953] [RFC5101]
[RFC5077] [RFC4934] [RFC4572] [RFC4507] [RFC4492] [RFC4366] [RFC4347] [RFC5081] [RFC5077] [RFC4934] [RFC4572] [RFC4507] [RFC4492] [RFC4366]
[RFC4244] [RFC4132] [RFC3920] [RFC3734] [RFC3588] [RFC3546] [RFC3489] [RFC4347] [RFC4244] [RFC4132] [RFC3920] [RFC3734] [RFC3588] [RFC3546]
[RFC3316] [RFC3489] [RFC3316]
Note that [RFC4642] has already been updated by [RFC8143], which Note that [RFC4642] has already been updated by [RFC8143], which
makes an overlapping, but not quite identical, update as this makes an overlapping, but not quite identical, update as this
document. document.
[RFC6614] has a requirement for TLSv1.1 or later, although only makes [RFC6614] has a requirement for TLSv1.1 or later, although only makes
an informative reference to [RFC4346]. This requirement is updated an informative reference to [RFC4346]. This requirement is updated
to be for TLSv1.2 or later. to be for TLSv1.2 or later.
[RFC6460], [RFC4744], and [RFC4743] are already Historic; they are [RFC6460], [RFC4744], and [RFC4743] are already Historic; they are
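Review bot: "Fallback to these versions are prohibited" in the first line of this block has a subject-verb disagreement that -11 leaves untouched; it should read "Fallback to these versions is prohibited". On the substantive change, [RFC5953] moves out of the first list and into the "have already been obsoleted" list. That paragraph says its entries are "still listed here and marked as updated by this document", so keeping 5953 in the header's Updates list is consistent and needs no change. The remaining differences in the first list are line re-wrapping only, and no other reference is dropped between the two columns.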
skipping to change at page 22, line 9 skipping to change at page 22, line 9
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC8447] Salowey, J. and S. Turner, "IANA Registry Updates for TLS [RFC8447] Salowey, J. and S. Turner, "IANA Registry Updates for TLS
and DTLS", RFC 8447, DOI 10.17487/RFC8447, August 2018, and DTLS", RFC 8447, DOI 10.17487/RFC8447, August 2018,
<https://www.rfc-editor.org/info/rfc8447>. <https://www.rfc-editor.org/info/rfc8447>.
Appendix A. Change Log Appendix A. Change Log
[[RFC editor: please remove this before publication.]] [[RFC editor: please remove this before publication.]]
From draft-ietf-tls-oldversions-deprecate-10 to draft-ietf-tls-
oldversions-deprecate-11:
o RFC 5953 was mentioned in the wrong para of section 1.1 - it has
been obsoleted already.
From draft-ietf-tls-oldversions-deprecate-09 to draft-ietf-tls- From draft-ietf-tls-oldversions-deprecate-09 to draft-ietf-tls-
oldversions-deprecate-10: oldversions-deprecate-10:
o We missed adding change logs for a few versions, but since -09 was o We missed adding change logs for a few versions, but since -09 was
the one that underwent IETF last call, and there was some the one that underwent IETF last call, and there was some
discussion, we figured it'd be good to mention substantive changes discussion, we figured it'd be good to mention substantive changes
here. here.
o Added Ben's suggested text for "operational considerations" o Added Ben's suggested text for "operational considerations"
following extensive last call discussion. following extensive last call discussion.
o Re-checked the references to RFC 4347 after Tom Petch noticed we o Re-checked the references to RFC 4347 after Tom Petch noticed we
 End of changes. 7 change blocks. 
18 lines changed or deleted 24 lines changed or added
