[Maprg] Fwd: Ben Campbell's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)

Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Wed, 25 October 2017 12:01 UTC

From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Message-Id: <285DACF7-3B51-403F-BB1F-41834B604289@tik.ee.ethz.ch>
To: maprg@irtf.org
Date: Wed, 25 Oct 2017 14:01:31 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/maprg/KlzORB_-yhwSQ-HQQe-Z18frg6c>
Subject: [Maprg] Fwd: Ben Campbell's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)
List-Id: "Measurement and Analysis for Protocols \(MAP\) \(Proposed\) RG mailing list" <maprg.irtf.org>

Hi group,

I’m forwarding a snip from the uta mailing list because there is a request for data. The question is how many of the deployed mail clients use/support TLS 1.2 or higher. Does anybody have data?

Mirja


> Begin forwarded message:
> 
> From: Keith Moore <moore@network-heretics.com>
> Subject: Re: Ben Campbell's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)
> Date: 25 October 2017 at 12:48:37 CEST
> To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
> Cc: uta@ietf.org, draft-ietf-uta-email-deep@ietf.org, uta-chairs@ietf.org, leifj@sunet.se
> 
>> -4.1, last paragraph: "It is RECOMMENDED that new users be required to use TLS version 1.1 or greater from the start."
>> Is 1.1 correct? Why not start with 1.2?
> 
> TLS 1.1 was a deliberate choice.  Reality is that some new users will still be using old mail user agents, and there are often other factors that impair users' ability to upgrade.   If new users were _required_ to use TLS 1.2, that would essentially prevent them from getting new email service, or maybe force them to spend large amounts of money for new hardware and/or software in order to do so.  Either that or mail service providers might legitimately claim that they had good reason to take exception to the RECOMMENDED keyword and the paragraph would have no beneficial effect.
> 
> It's basically a judgment call - what policy on the part of mail service providers results in the best security overall?   It appears possible to err on the side of either too strict or too loose.
> 
> That said, some of the text in this draft is three years old, and conditions have changed somewhat in that interval.   If 99% of deployed user agents implement TLS 1.2, requiring 1.2 for new users would probably not bother me.  But if the figure were closer to 90%, it would bother me.   Maybe someone has actual figures, but I suspect the actual level of deployment is still well less than 90%.
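The figure Keith asks for (what share of deployed user agents can do TLS 1.2 or better) is something a mail service provider can estimate from its own submission-server logs. The following is an added example, not part of this thread or of the draft: it parses constructed Postfix-style "TLS connection established" log lines, records the highest TLS version each client negotiated, and reports the share of clients that meet a minimum version. It assumes the client address is a reasonable stand-in for a user agent (per-account aggregation would be more accurate) and shows why counting connections instead of clients gives a different answer.

```python
import re

# Constructed sample log lines in Postfix smtpd style; not real traffic.
SAMPLE_LOG = """\
Oct 25 12:00:01 mx postfix/submission/smtpd[101]: Anonymous TLS connection established from client-a.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 25 12:00:05 mx postfix/submission/smtpd[102]: Anonymous TLS connection established from client-b.example[192.0.2.11]: TLSv1 with cipher AES256-SHA (256/256 bits)
Oct 25 12:01:10 mx postfix/submission/smtpd[103]: Anonymous TLS connection established from client-c.example[192.0.2.12]: TLSv1.1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Oct 25 12:02:00 mx postfix/submission/smtpd[104]: Anonymous TLS connection established from client-b.example[192.0.2.11]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Oct 25 12:03:00 mx postfix/submission/smtpd[105]: Anonymous TLS connection established from client-d.example[192.0.2.13]: TLSv1 with cipher AES128-SHA (128/128 bits)
Oct 25 12:04:00 mx postfix/submission/smtpd[106]: connect from client-e.example[192.0.2.14]
"""

# Matches the client address in brackets and the negotiated protocol name.
LINE_RE = re.compile(r"TLS connection established from \S+\[([^\]]+)\]: (TLSv1(?:\.\d)?)")

# Orderable rank for each protocol name Postfix prints.
VERSION_RANK = {"TLSv1": (1, 0), "TLSv1.1": (1, 1), "TLSv1.2": (1, 2), "TLSv1.3": (1, 3)}


def negotiated_versions(log_text):
    """Yield (client_address, version) for every TLS handshake line; plaintext lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2)


def best_version_per_client(log_text):
    """Highest TLS version each client ever negotiated; a client that once did 1.2 supports 1.2."""
    best = {}
    for client, version in negotiated_versions(log_text):
        if client not in best or VERSION_RANK[version] > VERSION_RANK[best[client]]:
            best[client] = version
    return best


def client_share(best, minimum="TLSv1.2"):
    """Fraction of distinct clients whose best version meets the minimum (the deployment figure)."""
    if not best:
        return 0.0
    ok = sum(1 for v in best.values() if VERSION_RANK[v] >= VERSION_RANK[minimum])
    return ok / len(best)


def connection_share(log_text, minimum="TLSv1.2"):
    """Fraction of handshakes at or above the minimum; skewed by chatty clients, so less useful."""
    versions = [v for _, v in negotiated_versions(log_text)]
    if not versions:
        return 0.0
    return sum(1 for v in versions if VERSION_RANK[v] >= VERSION_RANK[minimum]) / len(versions)
```

On the constructed sample, half of the clients can do TLS 1.2 while only 40% of handshakes used it, which illustrates why the measurement should be per client (or better, per account) before comparing it with a 90% or 99% threshold.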