Re: [Dots] DOTS: TLS 1.2 & TLS1.3
Benjamin Kaduk <kaduk@mit.edu> Thu, 16 August 2018 22:03 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E66FC130E0A for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 15:03:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.695
X-Spam-Level:
X-Spam-Status: No, score=-2.695 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DsBrbxmbtdit for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 15:03:18 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8090D12F295 for <dots@ietf.org>; Thu, 16 Aug 2018 15:03:18 -0700 (PDT)
X-AuditID: 1209190d-35fff700000014bb-28-5b75f4a52880
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 2B.AA.05307.5A4F57B5; Thu, 16 Aug 2018 18:03:17 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w7GM3FbP008693; Thu, 16 Aug 2018 18:03:16 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w7GM3Cst009235 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 16 Aug 2018 18:03:14 -0400
Date: Thu, 16 Aug 2018 17:03:12 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
Cc: "dots@ietf.org" <dots@ietf.org>
Message-ID: <20180816220312.GF40887@kduck.kaduk.org>
References: <787AE7BB302AE849A7480A190F8B93302DFAAD17@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DFAAD17@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrKIsWRmVeSWpSXmKPExsUixCmqrbv0S2m0wfsj0hZr3xxhtTj89im7 A5PHkiU/mTxanp1kC2CK4rJJSc3JLEst0rdL4Mp4fv4Aa8E87orPqw6wNzC+5Ohi5OCQEDCR mLUmsIuRi0NIYDGTxMPrGxkhnI2MEruaHrBBOFeZJJ69vskK0sEioCrxsqG4i5GTg01ARaKh +zIziC0ioCCxr62fBcRmFlCWaJo4lw3EFgayby+fClbDC7Ts18S1YDVCAokSpzdeYoeIC0qc nPkEqldL4sa/l0wgq5gFpCWW/+MACXMKJEnMu3oebKQo0Mi9fYfYJzAKzELSPQtJ9yyE7gWM zKsYZVNyq3RzEzNzilOTdYuTE/PyUot0jfRyM0v0UlNKNzGCQ1SSdwfjv7tehxgFOBiVeHgn rC2NFmJNLCuuzD3EKMnBpCTK+6UdKMSXlJ9SmZFYnBFfVJqTWnyIUYKDWUmEd+Z5oBxvSmJl VWpRPkxKmoNFSZz3Xk14tJBAemJJanZqakFqEUxWhoNDSYJ392egRsGi1PTUirTMnBKENBMH J8hwHqDhNz6BDC8uSMwtzkyHyJ9i1OX4837qJGYhlrz8vFQpcd7bIEUCIEUZpXlwc0CpRSJ7 f80rRnGgt4R5X4Gs4wGmJbhJr4CWMAEtmSYAtqQkESEl1cC4hkPRkfnVVk73TYXdKm5tVnu/ GOVofg4XMV9QN29Fz2/vn8obVz24Vi6Za9KfH5q8L3Fd7Y7f7rtFf+d/fG32P2DtmuYmEedF j6YtcjU+e/Imw1tD8QqNdt/G62/YLtz7VNa6qTVcTbvVqZ9VMP34A5ZYYRkTxePzL89h4jpi b3vwy8wblxqVWIozEg21mIuKEwG0J2m/CAMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/UbA8_E88QeLPSjl5AXZ5gG42UZs>
Subject: Re: [Dots] DOTS: TLS 1.2 & TLS1.3
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 22:03:20 -0000
On Thu, Aug 16, 2018 at 01:39:12PM +0000, mohamed.boucadair@orange.com wrote: > Hi Benjamin, > > Now that RFC8446 is out and given that it obsoletes RFC5246, we need your advice on how to proceed to (hopefully) avoid breaking existing implementations while still encouraging for TLS 1.3. FWIW, the current situation is as follows: > > * Existing DOTS implementations relies on TLS 1.2. > > * The signal channel draft mandates TLS 1.2 or later. > > * The signal channel draft specifies a profile for (D)TLS 1.3. (DTLS 1.3 is still a draft) All these are fine. > > Would it be OK if we maintain the current wording in the draft as it with some minor changes? (that is, only update TLS1.3 ID to RFC8446, remove reference to RFC5077, maintain RFC5246) idnits (and thus the genart and probably other reviewers) will complain about references to an obsoleted document, so I would try to minimize the references to 5246 to just those that are actually specific to 1.2. (For example, when talking about fatal alerts, use Section 6 of 8446 instead of Section 7.2 of 5246.) But it doesn't look like there are a great deal of such instances, so maybe it would still qualify ias "minor changes"? There's certainly going to be no opposition to continuing to allow the use of TLS 1.2 -- changing that would be too great a disruption to ongoing work to be advisable. Does that help? -Ben
- [Dots] DOTS: TLS 1.2 & TLS1.3 mohamed.boucadair
- Re: [Dots] DOTS: TLS 1.2 & TLS1.3 Benjamin Kaduk
- Re: [Dots] DOTS: TLS 1.2 & TLS1.3 Konda, Tirumaleswar Reddy