Re: [secdir] [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09
Paul Wouters <paul@nohats.ca> Thu, 14 July 2022 16:47 UTC
Date: Thu, 14 Jul 2022 12:47:32 -0400
From: Paul Wouters <paul@nohats.ca>
To: Rob Sayre <sayrer@gmail.com>
cc: Thomas Fossati <Thomas.Fossati@arm.com>, "secdir@ietf.org" <secdir@ietf.org>, "uta@ietf.org" <uta@ietf.org>, "draft-ietf-uta-rfc7525bis.all@ietf.org" <draft-ietf-uta-rfc7525bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Martin Thomson <mt@lowentropy.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7fiUoFz4hshzbuGfvclT0rITNRU>

On Thu, 14 Jul 2022, Rob Sayre wrote:

> cover the maximal-compatibility concerns for 1.2, but recommend 1.3 and don't require 1.2.

If someone wrote a new app implementation and follows this advice by only implementing TLS 1.3, how well would it interoperate with existing apps/servers it needs to talk to? I feel this would not go well.

The text could say something along the lines of "SHOULD implement TLS 1.2 unless it is known that for its application TLS 1.3 is widely available, or is a Green Field deployment where all parties are known to support TLS 1.3".

Paul