Re: Proposed Statement on "HTTPS everywhere for the IETF"

t.p. <daedulus@btconnect.com> Wed, 03 June 2015 11:29 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63B111A1BE3 for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 04:29:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4L19vgbBGDn2 for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 04:29:55 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0748.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::748]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E45B91A1BDD for <ietf@ietf.org>; Wed, 3 Jun 2015 04:29:53 -0700 (PDT)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=daedulus@btconnect.com;
Received: from pc6 (81.151.162.168) by DB4PR07MB252.eurprd07.prod.outlook.com (10.242.231.153) with Microsoft SMTP Server (TLS) id 15.1.172.22; Wed, 3 Jun 2015 10:49:53 +0000
Message-ID: <02a401d09dea$af46b860$4001a8c0@gateway.2wire.net>
From: t.p. <daedulus@btconnect.com>
To: Jari Arkko <jari.arkko@piuha.net>
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <CAL02cgRPFooA5fVFwvdprb3wPD+Y55pD+7RWjkACDv7T_TBW5Q@mail.gmail.com> <556DE0EF.2040809@isi.edu> <CAL02cgSdSFOaDqz9+jAZ7KsoMXOa5u=ff_i=c3EQ-SG0-ZPG7A@mail.gmail.com> <556DFCF7.3020607@isi.edu> <CAL02cgSOWpV51mQUdmeFwJaDS1fDWfG5Du4tRGgVW8OtvR1z3Q@mail.gmail.com> <556E1F7C.7060602@isi.edu> <CAL02cgTDXkmUwVHWo2_jrj+Lj4AcxnMUj98V2L4wqLrB9Mf9cw@mail.gmail.com> <556E229F.4050807@isi.edu> <F3F507B8-65BA-465B-9C4B-97AE059D3652@piuha.net>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
Date: Wed, 3 Jun 2015 11:47:20 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [81.151.162.168]
X-ClientProxiedBy: AM3PR03CA015.eurprd03.prod.outlook.com (10.141.191.143) To DB4PR07MB252.eurprd07.prod.outlook.com (10.242.231.153)
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB4PR07MB252;
X-Microsoft-Antispam-PRVS: <DB4PR07MB2522EAB4E310D212A2472CFC6B40@DB4PR07MB252.eurprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005006)(520003)(3002001); SRVR:DB4PR07MB252; BCL:0; PCL:0; RULEID:; SRVR:DB4PR07MB252;
X-Forefront-PRVS: 05961EBAFC
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(13464003)(377454003)(199003)(189002)(105586002)(101416001)(77156002)(62966003)(92566002)(1556002)(87976001)(122386002)(40100003)(68736005)(1456003)(76176999)(77096005)(81816999)(81686999)(50986999)(86362001)(19580395003)(19580405001)(84392001)(5001860100001)(5001830100001)(81156007)(4001540100001)(97736004)(5001960100002)(110136002)(5001920100001)(189998001)(116806002)(44736004)(50226001)(62236002)(44716002)(50466002)(46102003)(14496001)(23756003)(93886004)(61296003)(42186005)(33646002)(106356001)(66066001)(64706001)(47776003)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB4PR07MB252; H:pc6; FPR:; SPF:None; PTR:InfoNoRecords; A:0; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts)
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jun 2015 10:49:53.5670 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR07MB252
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/9TjPLWncn5AhKdnx75UdJxwApaU>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 11:29:56 -0000

----- Original Message -----
From: "Jari Arkko" <jari.arkko@piuha.net>
To: "Joe Touch" <touch@isi.edu>
Cc: "Richard Barnes" <rlb@ipv.sx>sx>; <ietf@ietf.org>
Sent: Wednesday, June 03, 2015 4:55 AM

I am not sure the discussion about blocking is relevant. We will change
defaults, but cleartext is still available.

<tp>

I note that the statement makes TLS 1.2 a MUST and earlier versions of
TLS a SHOULD NOT.

In practical terms, what levels of browser will we be required to have
in order to be able to use TLS 1.2?

Tom Petch

Jari