[secdir] Secdir review of draft-ietf-uta-tls-for-email-03

Radia Perlman <radiaperlman@gmail.com> Thu, 30 January 2020 16:30 UTC

From: Radia Perlman <radiaperlman@gmail.com>
Date: Thu, 30 Jan 2020 08:30:15 -0800
To: secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-uta-tls-for-email.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YXVQRUcykEWKwxP12foefzbz9zo>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This is an utterly trivial and non-controversial update to RFC8314 changing
references to TLSv1.1 to TLSv1.2 as the minimum acceptable version of TLS
to use for this purpose.

While there is nothing to debate with respect to security, I do question
whether it's better to release a document like this which specifies changes
to RFC8314 or whether it would be better to update (and obsolete) that
document so that this one would stand alone. Better yet would be to come up
with a replacement version of RFC8314 that would not need to be updated
again when TLSv1.2 needs to be replaced with TLSv1.3. Introducing new
versions of TLS and obsoleting old ones should happen without having to
update the - likely hundreds of - RFCs that refer to TLS.

Radia
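For readers who want to see what the TLSv1.2 floor discussed in the review looks like on a mail server, the following is an added configuration example; it is not part of the review or of the draft. It assumes a Postfix submission service (master.cf / main.cf) and a Dovecot 2.3 IMAP/POP server, and shows a weak setting that still admits TLSv1.1 next to the corrected one. The `>=TLSv1.2` form requires Postfix 3.6 or later; the exclusion-list form works on older releases, and `ssl_min_protocol` is the Dovecot 2.3 directive.

```ini
# --- Postfix main.cf: weak (added example, not from the page) ---
# Excludes only SSLv2/SSLv3, so TLSv1.0 and TLSv1.1 are still negotiable
# on the mandatory-TLS submission port.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols           = !SSLv2, !SSLv3

# --- Postfix main.cf: corrected to the TLSv1.2 minimum ---
# Postfix >= 3.6 syntax; on older releases use the exclusion form below.
smtpd_tls_mandatory_protocols = >=TLSv1.2
smtpd_tls_protocols           = >=TLSv1.2
# Equivalent exclusion form for Postfix < 3.6:
# smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# smtpd_tls_protocols           = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

# --- Postfix master.cf: submission (port 587) must require TLS ---
# submission inet n - y - - smtpd
#   -o syslog_name=postfix/submission
#   -o smtpd_tls_security_level=encrypt
#   -o smtpd_sasl_auth_enable=yes

# --- Dovecot 2.3 conf.d/10-ssl.conf: weak ---
# Default allows TLSv1.0/1.1 on IMAPS/POP3S and STARTTLS.
ssl = required
ssl_min_protocol = TLSv1

# --- Dovecot 2.3 conf.d/10-ssl.conf: corrected ---
ssl = required
ssl_min_protocol = TLSv1.2
```

After changing these, a quick check is to attempt a TLSv1.1-only handshake against ports 587 (with STARTTLS), 993 and 995 and confirm it is refused; `postconf -n | grep tls_protocols` and `doveconf -n ssl_min_protocol` show the effective values.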