RE: TLS 1.1/1.2 impact on applications protocols
"Scott Hollenbeck" <sah-ietf@tengwar.com> Tue, 30 January 2007 18:36 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1HBxps-0004fi-28; Tue, 30 Jan 2007 13:36:04 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1HBwMh-0007Nw-AM
for discuss@apps.ietf.org; Tue, 30 Jan 2007 12:01:51 -0500
Received: from cliffie.verisignlabs.com ([65.201.175.9])
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HBwMg-0000k4-37
for discuss@apps.ietf.org; Tue, 30 Jan 2007 12:01:51 -0500
Received: from monsoon.verisignlabs.com (scooter.bo.verisignlabs.com
[172.25.170.10])
by cliffie.verisignlabs.com (Postfix) with ESMTP id 8D0961366CF;
Tue, 30 Jan 2007 12:01:39 -0500 (EST)
Received: from dul1shollenbl1 (dul1shollenb-l1.vcorp.ad.vrsn.com
[10.131.30.36])
by monsoon.verisignlabs.com (Postfix) with ESMTP id 61C45137B6A;
Tue, 30 Jan 2007 12:01:39 -0500 (EST)
From: "Scott Hollenbeck" <sah-ietf@tengwar.com>
To: "Scott Hollenbeck" <sah-ietf@tengwar.com>
References: <DD5C1C952BE6B88FBB571B04@[10.1.110.5]>
Subject: RE: TLS 1.1/1.2 impact on applications protocols
Date: Tue, 30 Jan 2007 12:02:35 -0500
Message-ID: <000001c74490$70856c00$241e830a@vcorp.ad.vrsn.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_01C74466.87AF6400"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcdEKJRA18rbkd0zTamFdBqqZCWWwAANiYwg
In-Reply-To: <DD5C1C952BE6B88FBB571B04@[10.1.110.5]>
x-mimeole: Produced By Microsoft MimeOLE V6.00.2900.2180
x-olkeid: 02C41520214F5DC94561F2428A95B2A51BA14756
X-MS-TNEF-Correlator: 000000006412D0F74E2E1D4D922E972CF1AB7EB307003CD14E451751BD42BA48AAA50B07BAD60000000B1E3600008DF021A98B708045980B2056266E8E3600000D04E52A0000
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5ebbf074524e58e662bc8209a6235027
X-Mailman-Approved-At: Tue, 30 Jan 2007 13:36:03 -0500
Cc:
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols
<discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>,
<mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>,
<mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org
> -----Original Message----- > From: Chris Newman [mailto:Chris.Newman@Sun.COM] > Sent: Monday, January 29, 2007 11:38 PM > To: Apps Discuss > Cc: Pasi Eronen; Eric Rescorla > Subject: TLS 1.1/1.2 impact on applications protocols > > The changes that are happening in the TLS WG with the > publication of TLS 1.1 and the upcoming TLS 1.2 do have a > significant impact on application deployment. Many of our > application protocols make TLS 1.0 mandatory-to-implement. > I'd like to see a discussion of the importance of transition > to 1.2 (when it comes out) and the real-world problems that > might occur. Do we need to update our application protocol > specifications to mandate the newer version? Or perhaps we > need an app-area RFC which does that to a set of application > protocols? > > Can we just have a blanket exception to the standards status > (proposed/draft/full) reference rules for the TLS base spec > (and trust the TLS WG to do the right thing)? It seems more > important to keep up-to-date on security technology than to > have normative reference purity. > > Perhaps this would be a good topic for the Prague apparea meeting? I just ran into this very situation in the process of bringing EPP (RFCs 3730 - 3734) to Draft. The IESG was OK with a normative downward reference to TLS 1.0 and some additional text to note that the work is still evolving. Here's what we agreed to say: "When layered over TCP, the Transport Layer Security (TLS) Protocol version 1.0 [RFC2246] or its successors (such as TLS 1.1 [RFC4346]), using the latest version supported by both parties, MUST be used to provide integrity, confidentiality, and mutual strong client-server authentication." The reference to 2246 is normative; a downref note and exception processing was required. The reference to 4346 is informative. This approach worked because EPP does not depend on any version-specific features of TLS. The situation may well be different for other protocols. -Scott-
- TLS 1.1/1.2 impact on applications protocols Chris Newman
- RE: TLS 1.1/1.2 impact on applications protocols Scott Hollenbeck
- Re: TLS 1.1/1.2 impact on applications protocols Mark Nottingham
- Re: TLS 1.1/1.2 impact on applications protocols Brian E Carpenter
- Re: TLS 1.1/1.2 impact on applications protocols Keith Moore