[Anima] Concern about draft-ietf-uta-require-tls13-10 with IoT protocols
Toerless Eckert <tte@cs.fau.de> Tue, 08 April 2025 16:05 UTC
Date: Tue, 08 Apr 2025 18:05:22 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: "draft-ietf-uta-require-tls13.all@ietf.org" <draft-ietf-uta-require-tls13.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "uta@ietf.org" <uta@ietf.org>, iesg@ietf.org
Message-ID: <Z_VJQs67l95i0PlW@faui48e.informatik.uni-erlangen.de>
CC: iotops@ietf.org, anima@ietf.org, draft-ietf-anima-brski-prm@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/8HLrJ_PLjIbf11gZjMTuXkC2Z9g>
Dear IESG, *:

We received IESG review for draft-ietf-anima-brski-prm that was asking to make the use of TLS 1.3 mandatory based on the expectation that draft-ietf-uta-require-tls13 would become RFC - unless we provide sufficient justification in our (prm) draft.

I would like to point out that it is the current version of draft-ietf-uta-require-tls13 whose core applicability reasoning is misleading:

"since TLS 1.3 use is widespread, ... new protocols that use TLS must require and assume its existence"

This is not correct. Correct would be:

"since TLS 1.3 use is widespread in browsers, ... new protocols that use browsers and TLS must require its use and assume its existence; protocols not using browsers must recommend its use and assume its existence"

Recommending, but not requiring, the use of TLS 1.3 is unfortunately necessary for quite a while for the much larger space of IoT equipment and protocols written for non-browser environments where it is important for IoT equipment to be supported. Such IoT equipment often comes with SDKs that cannot be upgraded for long periods of time, sometimes as long as 10 years or longer, and/or solutions where an upgrade of the SDK (including OS) would require very expensive re-certification such as FIPS 140 or other regulatory requirements.

If you think this is not appropriate, then please stop flying planes, because planes are one example of systems in which basic systems cannot be rewritten from scratch because they cannot, for various reasons including financial ones, be re-qualified at such a base level.

I hope other readers of this email worrying about being able to apply IETF protocol standards to IoT environments can chime in on these concerns. Short of that, the above text is a suggested re-write of the core applicability point of the UTA draft. There may be other text to update.

Cheers
Toerless
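Added example, not part of Toerless's message or of either draft: the two readings of the UTA text that the message contrasts, "MUST use TLS 1.3" versus "TLS 1.3 RECOMMENDED, TLS 1.2 permitted", written as Go crypto/tls server configurations and exercised against an up-to-date client and against a client pinned to TLS 1.2 as a stand-in for a device SDK that cannot be upgraded. The host name registrar.example, the self-signed certificate, the pinned client and the function names are all constructed for this example; it runs offline over an in-memory pipe.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Constructed fixture: an in-memory self-signed P-256 certificate for the made-up host "registrar.example".
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"registrar.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	leaf := must(x509.ParseCertificate(der))
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts exactly this one certificate
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// serverConfig expresses the two spec readings. requireTLS13=true is "MUST use TLS 1.3": a TLS 1.2-only
// peer is refused. false is "TLS 1.3 RECOMMENDED, TLS 1.2 permitted": 1.3 is negotiated whenever the peer
// offers it, and the 1.2 fallback is held to ECDHE+AEAD suites (CipherSuites applies to TLS 1.2 only).
func serverConfig(cert tls.Certificate, requireTLS13 bool) *tls.Config {
	cfg := &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS13,
		SessionTicketsDisabled: true, // no post-handshake writes, so the unbuffered pipe below cannot stall
	}
	if !requireTLS13 {
		cfg.MinVersion = tls.VersionTLS12
		cfg.CipherSuites = []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		}
	}
	return cfg
}

// negotiate runs one full handshake over an in-memory pipe and returns the version both sides agreed on.
func negotiate(server, client *tls.Config) (uint16, error) {
	p1, p2 := net.Pipe()
	defer p1.Close()
	defer p2.Close()
	p1.SetDeadline(time.Now().Add(5 * time.Second)) // a stuck side must not hang the run
	p2.SetDeadline(time.Now().Add(5 * time.Second))
	srv, cli := tls.Server(p1, server), tls.Client(p2, client)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	cliErr := cli.Handshake()
	if err := <-srvErr; err != nil {
		return 0, err
	}
	if cliErr != nil {
		return 0, cliErr
	}
	return cli.ConnectionState().Version, nil
}

// RunScenarios returns the version a RECOMMENDED-1.3 server negotiates with (a) a current client and
// (b) a TLS 1.2-only client, plus (c) the error a MUST-1.3 server produces for that same 1.2-only client.
func RunScenarios() (modern, legacy uint16, refused error, err error) {
	cert, pool := selfSignedCert()
	current := &tls.Config{RootCAs: pool, ServerName: "registrar.example"}
	frozen := &tls.Config{RootCAs: pool, ServerName: "registrar.example", MaxVersion: tls.VersionTLS12} // constructed stand-in for an SDK frozen at TLS 1.2
	if modern, err = negotiate(serverConfig(cert, false), current); err != nil {
		return
	}
	if legacy, err = negotiate(serverConfig(cert, false), frozen); err != nil {
		return
	}
	_, refused = negotiate(serverConfig(cert, true), frozen)
	return
}

func main() {
	modern, legacy, refused, err := RunScenarios()
	fmt.Printf("RECOMMENDED+current: %#x  RECOMMENDED+tls12only: %#x  REQUIRED+tls12only: %v  (err: %v)\n", modern, legacy, refused, err)
}
```

The whole difference between the two policies is one MinVersion setting: the RECOMMENDED profile still reaches TLS 1.3 (0x0304) with any peer that can offer it and drops to TLS 1.2 (0x0303) only for the frozen one, while the REQUIRED profile refuses that peer at the ClientHello. The caveat for anyone writing a RECOMMENDED profile is that the 1.2 fallback has to be constrained itself, as the restricted CipherSuites list does here, or the permission becomes an invitation to negotiate whatever the oldest stack supports.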
- [Anima] Concern about draft-ietf-uta-require-tls1… Toerless Eckert
- [Anima] Re: Concern about draft-ietf-uta-require-… Alan DeKok
- [Anima] Re: [Uta] Concern about draft-ietf-uta-re… Eric Rescorla
- [Anima] Re: Concern about draft-ietf-uta-require-… Valery Smyslov
- [Anima] Re: Concern about draft-ietf-uta-require-… Michael Richardson
- [Anima] Re: Concern about draft-ietf-uta-require-… Salz, Rich
- [Anima] Re: Concern about draft-ietf-uta-require-… mohamed.boucadair
- [Anima] Re: [Iotops] Re: Concern about draft-ietf… Behcet Sarikaya
- [Anima] Re: [Last-Call] Re: Concern about draft-i… Toerless Eckert
- [Anima] Re: [Last-Call] Re: [Uta] Concern about d… Toerless Eckert
- [Anima] Re: [Last-Call] Re: Concern about draft-i… 'Toerless Eckert'
- [Anima] Re: [Last-Call] Re: [Uta] Concern about d… Eric Rescorla
- [Anima] Re: [Uta] Re: Concern about draft-ietf-ut… Peter Gutmann
- [Anima] Re: [Last-Call] Re: Concern about draft-i… Toerless Eckert
- [Anima] Re: [Last-Call] Re: [Uta] Concern about d… Toerless Eckert
- [Anima] Re: [Uta] Re: [Last-Call] Re: Concern abo… Peter Gutmann
- [Anima] Re: [Uta] Re: Concern about draft-ietf-ut… Michael Richardson
- [Anima] Re: [Last-Call] Re: [Uta] Re: Re: Concern… Paul Wouters
- [Anima] Re: [Uta] Re: [Last-Call] Re: Concern abo… Salz, Rich
- [Anima] Re: [Uta] [Last-Call] Re: Concern about d… Michael Richardson
- [Anima] Re: [Uta] Re: [Last-Call] Re: Concern abo… Eric Rescorla
- [Anima] Re: [Uta] Re: Concern about draft-ietf-ut… Eric Rescorla
- [Anima] Re: [Uta] [Last-Call] Re: Concern about d… Alan DeKok
- [Anima] Re: [Uta] [Last-Call] Re: Concern about d… Salz, Rich
- [Anima] Re: [Iotops] Re: Re: [Uta] Re: Concern ab… Henk Birkholz
- [Anima] Re: [Uta] Re: [Last-Call] Re: Concern abo… Michael Richardson
- [Anima] Re: [Uta] [Last-Call] Re: Concern about d… Salz, Rich
- [Anima] Re: [Uta] [Last-Call] Re: Concern about d… Michael Richardson
- [Anima] Re: [Last-Call] Re: [Uta] Concern about d… Eric Rescorla
- [Anima] Re: [Iotops] [Uta] [Last-Call] Re: Concer… Michael Sweet
- [Anima] Re: [Last-Call] Re: [Uta] Concern about d… Jared Mauch
- [Anima] Re: [Uta] Re: [Last-Call] Concern about d… Eric Rescorla
- [Anima] Re: [Last-Call] [Uta] Concern about draft… Alan DeKok
- [Anima] Re: [Iotops] Re: Concern about draft-ietf… Alper Kamil Demir
- [Anima] Re: [Uta] Re: [Last-Call] Concern about d… Eric Rescorla
- [Anima] Re: [Iotops] [Uta] [Last-Call] Re: Concer… Michael Richardson
- [Anima] Re: [Iotops] [Uta] [Last-Call] Re: Concer… Salz, Rich
- [Anima] Re: [Iotops] [Uta] [Last-Call] Re: Concer… Michael Richardson
- [Anima] Re: [Last-Call] [Uta] Concern about draft… Jared Mauch
- [Anima] Re: [Last-Call] Re: [Iotops] Re: Concern … Toerless Eckert
- [Anima] Re: [Iotops] [Uta] [Last-Call] Re: Concer… Salz, Rich
- [Anima] Re: [Iotops] Re: [Last-Call] Concern abou… mohamed.boucadair
- [Anima] Re: [Uta] Re: [Last-Call] Re: [Iotops] Re… Peter Gutmann
- [Anima] Re: [Last-Call] Concern about draft-ietf-… Jared Mauch