Re: [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

On Thu, Jul 14, 2022 at 10:52:53AM +1000, Martin Thomson wrote:
> 
> 
> On Thu, Jul 14, 2022, at 10:20, Peter Saint-Andre wrote:
> > On 7/13/22 3:00 PM, Salz, Rich wrote:
> >>   * It is definitely the "BCP" already--there are good reasons not to
> >>     support TLS 1.2 on a server, and good reasons for clients not to
> >>     connect to a server that negotiates it.
> >> 
> >> What are they?
> >
> > Good question.
> 
> I think we want to distinguish between "can" and "should".  There are servers that can reasonably not support TLS 1.2 now.  Most clients that are up to date will have TLS 1.3.  Those servers can disable TLS 1.2 and enjoy the benefit of using a more robust protocol.
> 
> However, I don't see the IETF being in a position yet where it can tell people not to use TLS 1.2.  There's a good protocol hidden in there still if you are careful.  More importantly, we still have people who have not been able to make a move. Note the careful distinction here between not able and not willing; the latter will start to be an excuse soon.

I agree.  I think it's pretty clear that 1.3 is better than 1.2, but the
operative question seems to be whether 1.2 is so bad that we should be
disrecommending it (to whatever degree).  And, as you say, there is still a
good protocol in there if you are careful/follow the advice we're giving,
so I think the answer to that question is "no" (i.e., we should still say
that 1.2 is fine to use).

-Ben

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
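
The distinction drawn in the thread above, between a server that can drop TLS 1.2 outright and one that keeps TLS 1.2 but is careful about it, written out as an added Go example. This is not code from the thread, from draft-ietf-uta-rfc7525bis, or from the IETF; it assumes Go's standard crypto/tls package and a throwaway self-signed certificate for the made-up name example.invalid, and the function names tls13OnlyServer, carefulTLS12Server and handshake are this example's own. It drives a client with a capped maximum version against each server configuration over an in-memory pipe and reports what was negotiated, which is the same check one would run against a real deployment to confirm that "TLS 1.2 is disabled" actually holds.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway ECDSA certificate for the made-up name
// example.invalid so the example runs entirely in memory. Constructed for this
// example only; it is not a real identity.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example.invalid"},
		DNSNames:              []string{"example.invalid"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// tls13OnlyServer is the "server that can reasonably not support TLS 1.2" case:
// anything below 1.3 is refused at the ClientHello.
func tls13OnlyServer(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS13,
		SessionTicketsDisabled: true, // keeps the in-memory pipe below deadlock-free
	}
}

// carefulTLS12Server still offers TLS 1.2, but only ECDHE key exchange with AEAD
// suites (this example's own selection, in the spirit of the draft's advice);
// TLS 1.3 suites are fixed by Go and remain available to 1.3 clients.
func carefulTLS12Server(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
		CurvePreferences:       []tls.CurveID{tls.X25519, tls.CurveP256},
		SessionTicketsDisabled: true,
	}
}

// handshake runs one full TLS handshake over net.Pipe with a client capped at
// clientMax and returns the negotiated version, or 0 and the error if the
// server refused the client.
func handshake(server *tls.Config, clientMax uint16) (uint16, error) {
	cpipe, spipe := net.Pipe()
	defer cpipe.Close()
	defer spipe.Close()

	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(spipe, server).Handshake() }()

	leaf, err := x509.ParseCertificate(server.Certificates[0].Certificate[0])
	if err != nil {
		return 0, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // trust only our throwaway cert
	c := tls.Client(cpipe, &tls.Config{
		RootCAs:    pool,
		ServerName: "example.invalid",
		MinVersion: tls.VersionTLS12,
		MaxVersion: clientMax,
	})
	if err := c.Handshake(); err != nil {
		<-srvErr // server has already sent its alert and returned
		return 0, err
	}
	if err := <-srvErr; err != nil {
		return 0, err
	}
	return c.ConnectionState().Version, nil
}

func main() {
	cert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	for _, tc := range []struct {
		name   string
		server *tls.Config
		max    uint16
	}{
		{"1.3-only server, 1.2-capped client", tls13OnlyServer(cert), tls.VersionTLS12},
		{"1.3-only server, 1.3 client", tls13OnlyServer(cert), tls.VersionTLS13},
		{"careful 1.2 server, 1.2-capped client", carefulTLS12Server(cert), tls.VersionTLS12},
		{"careful 1.2 server, 1.3 client", carefulTLS12Server(cert), tls.VersionTLS13},
	} {
		if v, err := handshake(tc.server, tc.max); err != nil {
			fmt.Printf("%-40s refused: %v\n", tc.name, err)
		} else {
			fmt.Printf("%-40s negotiated 0x%04x\n", tc.name, v)
		}
	}
}
```

The 1.3-only server rejects the 1.2-capped client with a protocol_version alert before any key exchange happens, while the careful 1.2 server accepts both clients and still lands on 1.3 whenever the client offers it. Against a real host the same probe, a client whose MaxVersion is pinned to TLS 1.2, is how to verify a "TLS 1.2 disabled" claim rather than trusting the configuration file.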