Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 24 September 2019 10:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/Cd0oE9Y-E_biShO1yp5vRnRG1tE>

Hi,

On the particular issue of BCP 195

On Tue, 2019-09-17 at 19:47 +0000, Magnus Westerlund wrote:
> 
> > 
> > Section 4.4: Dealing with new TLS versions. BCP 195 does not appear
> > to me to define how to deal with newer versions. However, as TLS 1.3
> > already exists I think this is from the start a relevant question.
> 
> I am asking the security ADs if it is current and sufficient with the
> BCP 195 reference. 
> 

As they have defined a mechanism that ensures that a server that supports both
TLS 1.3 and TLS 1.2 can indicate that it supports TLS 1.3 in TLS 1.2 there is no
potential for downgrades here. 

So the simple answer is that BCP 195 is sufficient. 

 
Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
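
The following is an added example, not part of the original message or of the draft. It assumes the mechanism referred to above is the downgrade sentinel of RFC 8446 section 4.1.3, where a TLS 1.3-capable server that negotiates an older version writes a fixed marker into the last 8 bytes of ServerHello.random, and shows the client-side check. The helper `build_server_hello` and all sample bytes are constructed for illustration.

```python
import struct

# RFC 8446 section 4.1.3: markers a TLS 1.3-capable server places in the
# last 8 bytes of ServerHello.random when it negotiates an older version.
SENTINEL_TLS12 = b"DOWNGRD\x01"   # negotiated TLS 1.2
SENTINEL_TLS11 = b"DOWNGRD\x00"   # negotiated TLS 1.1 or below
TLS11, TLS12, TLS13 = 0x0302, 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43

def parse_server_hello(body: bytes):
    """Return (negotiated_version, random) from a ServerHello body
    (handshake header already stripped)."""
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    version, = struct.unpack_from("!H", body, 0)   # legacy_version
    random = body[2:34]
    pos = 35 + body[34] + 3    # skip session_id, cipher_suite, compression
    if pos > len(body):
        raise ValueError("truncated ServerHello")
    if pos + 2 <= len(body):   # extensions block is optional before 1.3
        ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        if ext_end > len(body):
            raise ValueError("extensions overrun message")
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + ext_len > ext_end:
                raise ValueError("extension overruns block")
            # TLS 1.3 carries the real version in supported_versions.
            if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
                version, = struct.unpack_from("!H", body, pos)
            pos += ext_len
    return version, random

def downgrade_detected(body: bytes, client_max: int = TLS13) -> bool:
    """True if the client must abort the handshake (illegal_parameter)."""
    version, random = parse_server_hello(body)
    if client_max >= TLS13 and version <= TLS12:
        return random[-8:] in (SENTINEL_TLS12, SENTINEL_TLS11)
    if client_max == TLS12 and version < TLS12:
        return random[-8:] == SENTINEL_TLS11
    return False

def build_server_hello(legacy_version, random, selected=None):
    """Constructed sample ServerHello body (hypothetical test helper)."""
    body = struct.pack("!H", legacy_version) + random + b"\x00\xc0\x2f\x00"
    if selected is None:
        return body
    ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected)
    return body + struct.pack("!H", len(ext)) + ext
```

A TLS 1.2-only client that negotiates TLS 1.2 with a TLS 1.3-capable server sees the `DOWNGRD\x01` marker as a matter of course, which is why the check keys on the client's own maximum version.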