Re: [secdir] [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

Paul Wouters <paul@nohats.ca> Thu, 14 July 2022 16:47 UTC

Date: Thu, 14 Jul 2022 12:47:32 -0400
From: Paul Wouters <paul@nohats.ca>
To: Rob Sayre <sayrer@gmail.com>
cc: Thomas Fossati <Thomas.Fossati@arm.com>, "secdir@ietf.org" <secdir@ietf.org>, "uta@ietf.org" <uta@ietf.org>, "draft-ietf-uta-rfc7525bis.all@ietf.org" <draft-ietf-uta-rfc7525bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Martin Thomson <mt@lowentropy.net>
In-Reply-To: <CAChr6SwRydWZ6VGf+0A4sGcCG7MRNk3sNDksz505yM_AX4ca5A@mail.gmail.com>
Message-ID: <d2f12c1-116c-d8e8-acdb-fd77a470229d@nohats.ca>
References: <165766858084.5251.12485129434316295805@ietfa.amsl.com> <b24e2934-200f-4f80-5261-aa2a977da39b@stpeter.im> <CAChr6Syq+uOTJsvqWuSustq_HdTaXCtDepyCuRWx+jGoEB06Fw@mail.gmail.com> <CAChr6SzkAmbjGK4XOwPkSwssLoG4NW1yG-6b2aFdFr43yF2zwQ@mail.gmail.com> <SY4PR01MB625186377F07976EFEF775F7EE889@SY4PR01MB6251.ausprd01.prod.outlook.com> <CAChr6Sy2GmkGQfz93+EhfDGEVZuwvkE9NOMwn6XVr5qag_aVBQ@mail.gmail.com> <SY4PR01MB6251FE9DFBD849A9296D31AEEE889@SY4PR01MB6251.ausprd01.prod.outlook.com> <20220714050053.GT26442@kduck.mit.edu> <CAChr6SwBUFP==jMu9N6Ey9HfSJhExunB-0MtnWAAU7x=B=be1A@mail.gmail.com> <61cdc89b-fdb9-4c82-ae4a-a562cc66c12e@beta.fastmail.com> <CAChr6SxqxojHRM6YVk4dsrvghwSo5qf9i08khr4zsOoNDg8x1Q@mail.gmail.com> <DB9PR08MB65243D07D5CD032D3C02EC6F9C889@DB9PR08MB6524.eurprd08.prod.outlook.com> <CAChr6SwRydWZ6VGf+0A4sGcCG7MRNk3sNDksz505yM_AX4ca5A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7fiUoFz4hshzbuGfvclT0rITNRU>
Subject: Re: [secdir] [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

On Thu, 14 Jul 2022, Rob Sayre wrote:

> cover the maximal-compatibility concerns for 1.2, but recommend 1.3 and don't require 1.2.

If someone wrote a new app implementation and follows this advice by
only implementing TLS 1.3, how well would it interoperate with existing
apps/servers it needs to talk to? I feel this would not go well.

The text could say something along the lines of "SHOULD implement TLS
1.2 unless it is known that for its application TLS 1.3 is widely
available, or is a Green Field deployment where all parties are known
to support TLS 1.3".

Paul