Re: [secdir] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

Peter Saint-Andre <stpeter@stpeter.im> Wed, 13 July 2022 19:26 UTC

Message-ID: <c516d0e4-f477-a4fb-2638-3615434f48f2@stpeter.im>
Date: Wed, 13 Jul 2022 13:26:32 -0600
To: Rob Sayre <sayrer@gmail.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, secdir@ietf.org, draft-ietf-uta-rfc7525bis.all@ietf.org, last-call@ietf.org, uta@ietf.org
References: <165766858084.5251.12485129434316295805@ietfa.amsl.com> <b24e2934-200f-4f80-5261-aa2a977da39b@stpeter.im> <CAChr6Syq+uOTJsvqWuSustq_HdTaXCtDepyCuRWx+jGoEB06Fw@mail.gmail.com> <CAChr6SzkAmbjGK4XOwPkSwssLoG4NW1yG-6b2aFdFr43yF2zwQ@mail.gmail.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <CAChr6SzkAmbjGK4XOwPkSwssLoG4NW1yG-6b2aFdFr43yF2zwQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/B2Fer0ZDNUqbb-9etAi1dEK_x0I>
List-Id: Security Area Directorate <secdir.ietf.org>

On 7/13/22 1:18 PM, Rob Sayre wrote:
> On Wed, Jul 13, 2022 at 11:53 AM Rob Sayre <sayrer@gmail.com> wrote:
> 
>     On Wed, Jul 13, 2022 at 11:28 AM Peter Saint-Andre <stpeter@stpeter.im> wrote:
> 
>     I think the bullet point section, "SSL/TLS Protocol Versions",
>     fails to convey the requirements here (I can't even tell what they
>     are).
> 
>     The section also says
> 
>     "Even if a TLS implementation defaults to TLS 1.3, as long as it
>     supports TLS 1.2 it MUST follow all the recommendations in this
>     document."
> 
>     That seems to suggest that the section should be reorganized to
>     document what must be done if supporting TLS 1.2, and also highlight
>     that it is optional.
> 
> 
> Also, in the realm of opinion rather than correctness: mandating TLS 1.2 
> support is misguided. Every TLS implementation maintains divided 
> codebases for 1.2 vs 1.3. No one reads the TLS 1.2 code very closely 
> these days, in my experience, so the BCP would be mandating support for 
> something people don't really work on anymore.

Are you suggesting that the best current practice for implementations 
and deployments of TLS is to support and negotiate only TLS 1.3? The 
sense of the UTA WG was that it's premature to say that currently, although 
presumably we'll be ready to say that in 7525ter...

Peter
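The two positions in the exchange above, as an added example that is not part of this thread or of the draft: a server that supports TLS 1.2 alongside 1.3 and therefore has to make its 1.2 side follow the recommendations (version floor, no compression or renegotiation, forward-secret AEAD cipher suites only), beside a server that negotiates TLS 1.3 only. The cipher allow-list and the "legacy" sample list are my constructions approximating the draft's TLS 1.2 guidance, not text taken from it; check them against the published document before reusing them. Standard library only.

```python
import ssl

# Constructed allow-list for the TLS 1.2 side (OpenSSL cipher names):
# ephemeral ECDH key exchange and AEAD record protection only.  This is
# an approximation of the draft's TLS 1.2 cipher suite guidance written
# for this example, not a list copied from the draft.
TLS12_ALLOWLIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
)


def bcp_server_context() -> ssl.SSLContext:
    """Position (a): support TLS 1.2 and 1.3, and make the 1.2 side follow
    the recommendations: nothing below 1.2, no compression, no
    renegotiation, forward-secret AEAD suites only.  set_ciphers() governs
    TLS 1.2 and below; OpenSSL's TLS 1.3 suites are all AEAD with
    ephemeral key exchange and are left at their defaults here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)  # absent on old builds
    ctx.set_ciphers(TLS12_ALLOWLIST)
    return ctx


def tls13_only_server_context() -> ssl.SSLContext:
    """Position (b): negotiate TLS 1.3 only.  The TLS 1.2 cipher list
    becomes irrelevant because no 1.2 handshake can complete."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit_ciphers(ciphers):
    """Return findings for suites usable below TLS 1.3 that lack forward
    secrecy ((EC)DHE) or AEAD record protection.  `ciphers` is a list of
    dicts shaped like SSLContext.get_ciphers() output; only the keys
    name, protocol and aead are consulted."""
    findings = []
    for c in ciphers:
        if c["protocol"] == "TLSv1.3":
            continue  # TLS 1.3 suites are (EC)DHE + AEAD by construction
        name = c["name"]
        if "DHE" not in name and "EDH" not in name:  # ECDHE-*, DHE-*, EDH-*
            findings.append(f"{name}: no ephemeral key exchange (no forward secrecy)")
        if not c.get("aead"):
            findings.append(f"{name}: non-AEAD record protection")
    return findings


def audit_context(ctx: ssl.SSLContext):
    """Audit a live context: the version floor plus every suite it would
    offer to a peer."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum_version {ctx.minimum_version!r} allows TLS 1.1 or older")
    findings.extend(audit_ciphers(ctx.get_ciphers()))
    return findings


# Constructed sample, not read from any live context: what a permissive
# legacy TLS 1.2 configuration typically still offers.
LEGACY_SAMPLE = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "aead": True},
    {"name": "DHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "aead": True},
    {"name": "ECDHE-RSA-AES128-SHA", "protocol": "TLSv1.0", "aead": False},
    {"name": "AES128-SHA", "protocol": "SSLv3", "aead": False},
]

if __name__ == "__main__":
    print("TLS 1.2+1.3 context:", audit_context(bcp_server_context()) or "no findings")
    print("TLS 1.3-only context floor:", tls13_only_server_context().minimum_version.name)
    for finding in audit_ciphers(LEGACY_SAMPLE):
        print("legacy sample:", finding)
```

Two caveats for anyone adapting this. First, `set_ciphers()` does not touch the TLS 1.3 suite list in OpenSSL 1.1.1 and later, and Python's `ssl` module does not expose the separate TLS 1.3 ciphersuite setter, so the audit simply skips 1.3 entries. Second, the `protocol` field reported for a suite is the oldest version that can use it, not a restriction; the version floor comes from `minimum_version`, which is why the audit checks that separately.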