Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
Eliot Lear <lear@cisco.com> Wed, 02 December 2020 10:54 UTC
From: Eliot Lear <lear@cisco.com>
Date: Wed, 02 Dec 2020 11:54:20 +0100
In-Reply-To: <1606905858825.10547@cs.auckland.ac.nz>
Cc: "STARK, BARBARA H" <bs7652@att.com>, "last-call@ietf.org" <last-call@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "draft-ietf-tls-oldversions-deprecate@ietf.org" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "tls@ietf.org" <tls@ietf.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
References: <160496076356.8063.5138064792555453422@ietfa.amsl.com> <49d045a3-db46-3250-9587-c4680ba386ed@network-heretics.com> <b5314e17-645a-22ea-3ce9-78f208630ae1@cs.tcd.ie> <1606782600388.62069@cs.auckland.ac.nz> <0b72b2aa-73b6-1916-87be-d83e9d0ebd09@cs.tcd.ie> <1606814941532.76373@cs.auckland.ac.nz> <36C74BF4-FF8A-4E79-B4C8-8A03BEE94FCE@cisco.com> <SN6PR02MB4512D55EC7F4EB00F5338631C3F40@SN6PR02MB4512.namprd02.prod.outlook.com> <1606905858825.10547@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/ENFnVv72Oqq2xfDmdZ4YXqjN6CI>

> On 2 Dec 2020, at 11:44, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
>
>
> It's actually the complete opposite, they will have every difficulty in doing
> so. You've got systems engineers whose job it is to keep things running at
> all costs, or where the effort to replace/upgrade is almost insurmountable,
> who now have to deal with pronouncements from standards groups that insist
> they not keep things running. I don't know where you get this idea that this
> will cause "no difficulty" from, it's a source of endless difficulty and
> frustration due to the clash between "we can't replace or upgrade these
> systems at the moment" and "there's some document that's just popped up
> that says we need to take them out of production and replace them".

That is as it should be. Let everyone understand the risks and make informed decisions. This draft does an excellent job at laying out the vulnerabilities in TLS 1.0 and 1.1. What it cannot do is adjudicate risk in every situation. If someone has done so and decided that the risk is acceptable, very well. They went in eyes wide open, and Stephen and friends helped.

Eliot