Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sun, 06 December 2020 13:01 UTC
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Sun, 06 Dec 2020 08:01:26 -0500
Message-Id: <F8F5CDC5-F1FD-4FE7-9EF1-CDAFB9E0A672@gmail.com>
References: <0f0c1e88-2f93-ecdf-cea4-5cfbe56b3908@network-heretics.com>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, last-call@ietf.org, draft-ietf-tls-oldversions-deprecate@ietf.org, tls-chairs@ietf.org, tls@ietf.org
In-Reply-To: <0f0c1e88-2f93-ecdf-cea4-5cfbe56b3908@network-heretics.com>
To: Keith Moore <moore@network-heretics.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/bCCbCk6gVbEQu0_Fiba-AQXYFB0>

I disagree here as those other implementations just need to make their own business risk decisions and put in place an exception process. One option in the risk decision process is to accept risk; you can also mitigate, eliminate, or transfer the risk.

Best regards,
Kathleen

Sent from my mobile device

> On Dec 1, 2020, at 7:57 AM, Keith Moore <moore@network-heretics.com> wrote:
>
> On 12/1/20 4:29 AM, Peter Gutmann wrote:
>
>> I think all it needs is something along the lines of "This BCP applies to TLS
>> as used on the public Internet [Not part of the text but meaning the area that
>> the IETF creates standards for].
>
> Not specifically relevant to this draft, but: Is it actually defined anywhere that IETF standards only apply to the public Internet? IMO IETF needs to realize that implementations of its standards are used outside of the public Internet and consider that when writing its documents. (even though different rules may be appropriate on private and mostly-isolated networks)
>
> Keith
>
> p.s. I keep thinking that this "MUST NOT TLS < 1.2" recommendation is like a public health recommendation, one that is worded over-simply to try to make it have maximum useful effect but perhaps to the point of being misleading or even harmful. e.g. "You MUST wear masks to reduce the spread of COVID-19", but not saying "oh yeah, if you're outdoors and not around other people you're probably fine without a mask" and "masks are pointless if you only wear them over your mouths or chins", and "the masks that have valves in them to allow exhaled breath to exit unimpeded are also useless for this purpose" and "you need to wear them when indoors and around co-workers, not merely when customers or visitors are present". At least where I live I see so many people using masks in ineffective ways that I don't think the simple recommendation is working, though I'm not sure that a more detailed recommendation would work better.