Re: [secdir] [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 14 July 2022 17:12 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Rob Sayre <sayrer@gmail.com>, Peter Saint-Andre <stpeter@stpeter.im>
CC: Benjamin Kaduk <kaduk@mit.edu>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-uta-rfc7525bis.all@ietf.org" <draft-ietf-uta-rfc7525bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "uta@ietf.org" <uta@ietf.org>

Speaking of PCs and servers: I took a look at Windows TLS stack telemetry (only including those OS versions that support TLS 1.3). 
TLS 1.2 is negotiated for 99% of the TLS server connections and 98% of the TLS client connections using the Windows TLS stack.
TLS 1.3 use amounts to 0.4% of TLS server connections and just under 2% of TLS client connections.

Cheers,

Andrei

-----Original Message-----
From: Uta <uta-bounces@ietf.org> On Behalf Of Peter Gutmann
Sent: Wednesday, July 13, 2022 8:07 PM
To: Rob Sayre <sayrer@gmail.com>; Peter Saint-Andre <stpeter@stpeter.im>
Cc: Benjamin Kaduk <kaduk@mit.edu>; secdir@ietf.org; draft-ietf-uta-rfc7525bis.all@ietf.org; last-call@ietf.org; uta@ietf.org
Subject: [EXTERNAL] Re: [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

Rob Sayre <sayrer@gmail.com> writes:

>Also, in the realm of opinion rather than correctness: mandating TLS 
>1.2 support is misguided. Every TLS implementation maintains divided 
>codebases for 1.2 vs 1.3.

On desktop PCs and servers perhaps, but in embedded the very fact that you need two sets of codebases means many systems will stay with 1.2, possibly forever when everything around them is also staying with 1.2.

>No one reads the TLS 1.2 code very closely these days, in my 
>experience, so the BCP would be mandating support for something people 
>don't really work on anymore.

Unless the only codebase you've got is 1.2.  However in the same embedded systems you typically do it once, do it right, and skip the neverending flow of bells and whistles that keep appearing, so there's no need to constantly fiddle with the code as for PC/server use.

Peter.
