KORTHEXkorthex.flowence.cc

Compliance / IETF

IETF RFC Deprecation Track

The IETF channel carries 11 rules curated from the RFC deprecation trail: RFC 8996 (TLS 1.0 and 1.1 formally deprecated), RFC 8429 (3DES and RC4 removed from Kerberos), RFC 6151 (MD5 security considerations) and RFC 6194 (SHA-1 security considerations). Where regulators state policy, the IETF states protocol reality; Korthex grades against both.

Why an IETF channel matters

Regulatory baselines tell you what an auditor expects; the RFC track tells you what the internet itself has retired. A TLS endpoint still negotiating TLS 1.0 is not just a compliance finding, it is running a protocol version the IETF formally deprecated in RFC 8996. Grading against the RFC trail catches this class regardless of which regulator applies to you.

What the channel tracks

  • RFC 8996: TLS 1.0 and TLS 1.1 deprecated, TLS 1.2+ required
  • RFC 8429: 3DES and RC4 removed from Kerberos suites
  • RFC 6151: MD5 no longer acceptable where collision resistance matters
  • RFC 6194: SHA-1 security considerations and migration expectations
  • Tagged as IETF-Standard on every finding the channel grades

Frequently asked questions

Who should activate the IETF channel?

Everyone running TLS. It is part of the recommended global profile (NIST + BSI + IETF + OWASP) because protocol deprecations apply regardless of jurisdiction.

How does this differ from the TLS audit itself?

The TLS certificate audit finds the configurations; the IETF channel supplies the deprecation rules they are graded against, with the RFC reference attached to each finding.

Is the channel updated when new RFCs land?

Yes, through the same 24-hour signed update cycle as every other channel.