Re: [secdir] [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 14 July 2022 03:34 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Rob Sayre <sayrer@gmail.com>
CC: Peter Saint-Andre <stpeter@stpeter.im>, Benjamin Kaduk <kaduk@mit.edu>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-uta-rfc7525bis.all@ietf.org" <draft-ietf-uta-rfc7525bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "uta@ietf.org" <uta@ietf.org>
Date: Thu, 14 Jul 2022 03:34:03 +0000
Message-ID: <SY4PR01MB6251FE9DFBD849A9296D31AEEE889@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <165766858084.5251.12485129434316295805@ietfa.amsl.com> <b24e2934-200f-4f80-5261-aa2a977da39b@stpeter.im> <CAChr6Syq+uOTJsvqWuSustq_HdTaXCtDepyCuRWx+jGoEB06Fw@mail.gmail.com> <CAChr6SzkAmbjGK4XOwPkSwssLoG4NW1yG-6b2aFdFr43yF2zwQ@mail.gmail.com> <SY4PR01MB625186377F07976EFEF775F7EE889@SY4PR01MB6251.ausprd01.prod.outlook.com> <CAChr6Sy2GmkGQfz93+EhfDGEVZuwvkE9NOMwn6XVr5qag_aVBQ@mail.gmail.com>
In-Reply-To: <CAChr6Sy2GmkGQfz93+EhfDGEVZuwvkE9NOMwn6XVr5qag_aVBQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/lw-jY7cAxD_UlN83uN1_mdPiij4>

Rob Sayre <sayrer@gmail.com> writes:

>I don't understand your rationale here, though.

If you've got existing systems with implemented, tested, and in-production TLS
1.2 stacks then the motivation to do a completely new TLS stack that does more
or less the same thing as the old one but requires twice the code space (since
it'll have to run alongside the old stack) and, usually, a truck roll to
upgrade each system using it, is minimal if not zero.

Thus there are many systems that will probably stay with 1.2 more or less
forever.

(This skips a lot of detail, e.g. if you've got a 10-20 year upgrade cycle
then newer systems that have the resources for it may do dual-stack, but since
they have to operate in an environment where everything else is on 1.2 or
earlier they can't afford to drop 1.2.  Even with newly-developed systems if
you've got limited code space and have to choose between either 1.2 or 1.3,
it'll be "stay with 1.2").

Peter.