[IDS] New Network iTC discussion on how soon to remove TLS/1.1

[IDS] New Network iTC discussion on how soon to remove TLS/1.1

Ira McDonald blueroofmusic at gmail.com
Wed Aug 7 21:12:14 UTC 2019



Mea culpa - I rattled cages pretty hard in Network iTC recent threads
to get on w/ removing TLS/1.1, since the IETF Best Practice deprecating
TLS/1.0 and TLS/1.1 has gone to the IESG for last call (and was written
at the express direction of the IAB parent body of the IESG).

Michael Vogel has been constructive and supportive on bringing this issue
to the foreground in the Network iTC.

- Ira

PS - For anyone who can't open the CCUF link, here's what Michael just

Hi all,

let's start a separate thread on that. Sooner or later we will have to deal
with the question when we want to deprecate TLSv1.1 in NDcPP. We are
currently working on NDcPP V2.2 and removing it there on very short notice
is surely not a good idea. I am not really sure what we will see afterwards
- a V2.3 or V3.0. Usually we don't pull any options from NDcPP in a minor
version, but from my perspective for TLSv1.1 we should consider to remove
it from the next version - no matter whether it will be a minor version or
a major version.

The TLS WG is currently working on a proposal to integrate TLSv1.3 which
should be ready for integration for the next version after V2.2. There are
a few issues where life would be easier if we wouldn't have to consider
TLSv1.1 as well. So I am wondering whether we should remove TLSv1.1 in the
proposal for TLSv1.3 or keep it.

So I wanted to ask you about your opinion on when would be the right time
to remove support for TLSv1.1 from NDcPP and if you think this should be
combined with the integration of TLSv1.3.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20190807/f7ea640d/attachment.html>

More information about the ids mailing list