On Mon, Dec 7, 2020 at 9:55 AM Eliot Lear <lear=40cisco.com@xxxxxxxxxxxxxx> wrote:
> On 7 Dec 2020, at 13:59, Ted Lemon <mellon@xxxxxxxxx> wrote:
>
> One question that I think makes sense to ask is, odd this the right metric? Eliot suggested that maybe what we mean by obsolete is that orgs should start phasing it out, not that they are done phasing it out. I think I agree.
More or less. The question is this: when do we believe that a technology is no longer appropriate to deploy? TLS 1.0 and 1.1 are obvious. What’s the trigger point for TLS 1.2 or for that matter, TCP?
When we deprecate, then vendors and libraries set end of support dates. We obsolete when a new version is released, so TLSv1.2 has been obsoleted, but not deprecated. TLSv1.0 and TLSv1.1 have been obsoleted and are in process of being deprecated. OpenSSL had stated they would continue to support library versions published for 5 years from publication date. This means that whatever the publication date was/is of a release that had the deprecated versions, support would continue to allow for a reasonable transition period.
Does that help?
Best regards,
Kathleen
Eliot
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
Best regards,
Kathleen
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call