IETF Logo Mail Archive

[rtcweb] draft-ietf-rtcweb-security-arch-09: DTLS 1.2 only?

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 16 April 2014 22:31 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F18821A03C9 for <rtcweb@ietfa.amsl.com>; Wed, 16 Apr 2014 15:31:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E7qvzqI7rcsS for <rtcweb@ietfa.amsl.com>; Wed, 16 Apr 2014 15:31:42 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0240.outbound.protection.outlook.com [207.46.163.240]) by ietfa.amsl.com (Postfix) with ESMTP id B827B1A0365 for <rtcweb@ietf.org>; Wed, 16 Apr 2014 15:31:42 -0700 (PDT)
Received: from BY2PR03MB427.namprd03.prod.outlook.com (10.141.141.146) by BY2PR03MB425.namprd03.prod.outlook.com (10.141.141.139) with Microsoft SMTP Server (TLS) id 15.0.918.8; Wed, 16 Apr 2014 22:31:38 +0000
Received: from BY2PR03MB427.namprd03.prod.outlook.com ([10.141.141.146]) by BY2PR03MB427.namprd03.prod.outlook.com ([10.141.141.146]) with mapi id 15.00.0918.000; Wed, 16 Apr 2014 22:31:38 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: draft-ietf-rtcweb-security-arch-09: DTLS 1.2 only?
Thread-Index: Ac9Zw5ansFOV9k7GQvai4TDmd4zOig==
Date: Wed, 16 Apr 2014 22:31:37 +0000
Message-ID: <99c75200c5e742b5946ec8e0a850e13d@BY2PR03MB427.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:ed31::3]
x-forefront-prvs: 01834E39B7
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(199002)(189002)(86362001)(81542001)(54356999)(16236675002)(46102001)(50986999)(99286001)(77096999)(99396002)(76482001)(92566001)(74662001)(2656002)(76576001)(87936001)(81342001)(80022001)(15202345003)(86612001)(15975445006)(74502001)(79102001)(4396001)(77982001)(19300405004)(20776003)(31966008)(74316001)(19580395003)(83322001)(85852003)(83072002)(80976001)(33646001)(24736002)(3826001); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB425; H:BY2PR03MB427.namprd03.prod.outlook.com; FPR:79FAE8DF.D3DA4CA.2D71954E.DC8C7C38.200DF; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (: microsoft.com does not designate permitted sender hosts)
Content-Type: multipart/alternative; boundary="_000_99c75200c5e742b5946ec8e0a850e13dBY2PR03MB427namprd03pro_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/P7aMW5knftGAZZTLujo-nV_JcF0
X-Mailman-Approved-At: Wed, 16 Apr 2014 15:41:45 -0700
Subject: [rtcweb] draft-ietf-rtcweb-security-arch-09: DTLS 1.2 only?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 22:31:45 -0000

draft-ietf-rtcweb-security-arch-09. says:

" [[OPEN ISSUE:  Are these the right cipher suites?]]  All
   implementations MUST implement the following two cipher suites:
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and
   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ..."

These are (D)TLS 1.2 cipher suites; I think this requirement would exclude DTLS 1.0 implementations. For easier/broader adoption, would it make sense to allow DTLS 1.0?

Cheers,

Andrei

v2.23.0 | Report a Bug | By Email