Re: [secdir] [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 14 July 2022 11:19 UTC

To: Rob Sayre <sayrer@gmail.com>, Martin Thomson <mt@lowentropy.net>
Cc: Benjamin Kaduk <kaduk@mit.edu>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-uta-rfc7525bis.all@ietf.org" <draft-ietf-uta-rfc7525bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "uta@ietf.org" <uta@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4wjhI3SBIKG9EMg-ruyDPNGoXgM>
List-Id: Security Area Directorate <secdir.ietf.org>


On 14/07/2022 06:42, Rob Sayre wrote:
> Sure, mandate TLS 1.2 support. That seems like a really good idea.

FWIW, I believe a significant majority of implementations
and deployments are not near ready to turn off or deprecate
TLS1.2. It'd be dim of us to not mandate support for it at
this stage even if a small minority are able to move away
from TLS1.2 now.

S.