Re: [rtcweb] draft-ietf-rtcweb-security-arch-09: DTLS 1.2 only?

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 05 May 2014 22:38 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DAD71A0195 for <rtcweb@ietfa.amsl.com>; Mon, 5 May 2014 15:38:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VBpH2OUtpXbC for <rtcweb@ietfa.amsl.com>; Mon, 5 May 2014 15:38:44 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0144.outbound.protection.outlook.com [207.46.163.144]) by ietfa.amsl.com (Postfix) with ESMTP id ACA461A01CE for <rtcweb@ietf.org>; Mon, 5 May 2014 15:38:43 -0700 (PDT)
Received: from BL2PR03MB419.namprd03.prod.outlook.com (10.141.92.18) by BL2PR03MB418.namprd03.prod.outlook.com (10.141.92.13) with Microsoft SMTP Server (TLS) id 15.0.934.12; Mon, 5 May 2014 22:38:24 +0000
Received: from BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) by BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) with mapi id 15.00.0939.000; Mon, 5 May 2014 22:38:23 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: draft-ietf-rtcweb-security-arch-09: DTLS 1.2 only?
Thread-Index: Ac9Zw5ansFOV9k7GQvai4TDmd4zOigO7pVfA
Date: Mon, 5 May 2014 22:38:22 +0000
Message-ID: <4116cc72bf7f4194ba096afc12d4e0df@BL2PR03MB419.namprd03.prod.outlook.com>
References: <99c75200c5e742b5946ec8e0a850e13d@BY2PR03MB427.namprd03.prod.outlook.com>
In-Reply-To: <99c75200c5e742b5946ec8e0a850e13d@BY2PR03MB427.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e0:ee43::2]
x-forefront-prvs: 0202D21D2F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(377454003)(199002)(189002)(64706001)(80022001)(99286001)(79102001)(74662001)(31966008)(85852003)(83072002)(86362001)(16236675002)(20776003)(46102001)(33646001)(4396001)(86612001)(50986999)(1511001)(99396002)(76176999)(76482001)(77096999)(101416001)(92566001)(21056001)(19300405004)(76576001)(54356999)(81342001)(77982001)(15975445006)(87936001)(74316001)(19580405001)(19580395003)(83322001)(2656002)(74502001)(15202345003)(81542001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BL2PR03MB418; H:BL2PR03MB419.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:;
received-spf: None (: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
Content-Type: multipart/alternative; boundary="_000_4116cc72bf7f4194ba096afc12d4e0dfBL2PR03MB419namprd03pro_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/ydQYvZIaY6ZziTZQVnI9BykH4PY
X-Mailman-Approved-At: Mon, 05 May 2014 16:26:10 -0700
Subject: Re: [rtcweb] draft-ietf-rtcweb-security-arch-09: DTLS 1.2 only?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 22:38:47 -0000

Just to confirm: does everyone think it's a good idea to require the use of DTLS 1.2?

Cheers,

Andrei

From: rtcweb [mailto:rtcweb-bounces@ietf.org] On Behalf Of Andrei Popov
Sent: Wednesday, April 16, 2014 3:32 PM
To: rtcweb@ietf.org
Subject: [rtcweb] draft-ietf-rtcweb-security-arch-09: DTLS 1.2 only?

draft-ietf-rtcweb-security-arch-09. says:

" [[OPEN ISSUE:  Are these the right cipher suites?]]  All
   implementations MUST implement the following two cipher suites:
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and
   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ..."

These are (D)TLS 1.2 cipher suites; I think this requirement would exclude DTLS 1.0 implementations. For easier/broader adoption, would it make sense to allow DTLS 1.0?

Cheers,

Andrei