IETF Logo Mail Archive

[TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze

"Salz, Rich" <rsalz@akamai.com> Tue, 10 December 2024 15:02 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73595C19ECB8 for <tls@ietfa.amsl.com>; Tue, 10 Dec 2024 07:02:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3dxutvcj2l4L for <tls@ietfa.amsl.com>; Tue, 10 Dec 2024 07:02:24 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [67.231.157.127]) by ietfa.amsl.com (Postfix) with ESMTP id BDF59C20C8DA for <tls@ietf.org>; Tue, 10 Dec 2024 07:02:24 -0800 (PST)
Received: from pps.filterd (m0409410.ppops.net [127.0.0.1]) by m0409410.ppops.net-00190b01. (8.18.1.2/8.18.1.2) with ESMTP id 4BACjO53029774; Tue, 10 Dec 2024 15:02:23 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=jan2016.eng; bh=4YShWfsCeK4XjBaGpsvwqH xoYFKoXovSn20z30nCKRQ=; b=Jp1Iiyp11cmKNsB0vyti62G93Phz0U16lzzgun GZrNvXK2k8jcV5AwrdT43UqY/83wzsmvgBhMdfKMNngbJcIZwMxU3WiSB0ZmX+7L 2GZM2Onp9Y28JjHg7HsBlbt54zq2aOb0fSH1nzMt1AV3VxUIW1vrWOmgK7+e9m7n I5/GA0gyisQIehjjBvOa3l0FTTGMFlRJmR2oo+xODh0P0Eq7vLqk2WkmuQ4EBFF1 9VO0BB4sX1ixlSxCTkV9agd0hRNctwXb2bbqkSJbd8EwBEfbPEl7+9kwkeUkZmom oE4sFgchqrDy2uL4JrKe4sXQmhrQya3fX2qUY9Yub4OjLF4Q==
Received: from prod-mail-ppoint6 (prod-mail-ppoint6.akamai.com [184.51.33.61] (may be forged)) by m0409410.ppops.net-00190b01. (PPS) with ESMTPS id 43e7k6xetk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 10 Dec 2024 15:02:22 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint6.akamai.com [127.0.0.1]) by prod-mail-ppoint6.akamai.com (8.18.1.2/8.18.1.2) with ESMTP id 4BAADKjE028287; Tue, 10 Dec 2024 10:02:22 -0500
Received: from email.msg.corp.akamai.com ([172.27.50.201]) by prod-mail-ppoint6.akamai.com (PPS) with ESMTPS id 43cjk0stte-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 10 Dec 2024 10:02:21 -0500
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb2.msg.corp.akamai.com (172.27.50.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 10 Dec 2024 07:02:21 -0800
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1544.011; Tue, 10 Dec 2024 07:02:20 -0800
From: "Salz, Rich" <rsalz@akamai.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>, Valery Smyslov <smyslov.ietf@gmail.com>, 'Sean Turner' <sean@sn3rd.com>, 'TLS List' <tls@ietf.org>
Thread-Topic: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze
Thread-Index: AQHbRhsyS41tHkhttkKdt8nCY+rfLrLaA0AAgAXL2IA=
Date: Tue, 10 Dec 2024 15:02:20 +0000
Message-ID: <88983EED-6BA2-425B-A125-AE32D5A55AE5@akamai.com>
References: <F98C87B7-B31D-4702-B694-0CB1A8FB38C5@sn3rd.com> <07fa01db461a$b2f05330$18d0f990$@gmail.com> <cc74d2fa-c452-4267-900f-41dee05dd9c6@tu-dresden.de>
In-Reply-To: <cc74d2fa-c452-4267-900f-41dee05dd9c6@tu-dresden.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.91.24111613
x-originating-ip: [172.27.164.43]
Content-Type: multipart/alternative; boundary="_000_88983EED6BA2425BA125AE32D5A55AE5akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2024-12-10_08,2024-12-10_01,2024-11-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 malwarescore=0 bulkscore=0 phishscore=0 spamscore=0 mlxscore=0 suspectscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2411120000 definitions=main-2412100110
X-Proofpoint-GUID: 0vvtsl-Awq3_SB3mdApPPtj8EumsPPvb
X-Proofpoint-ORIG-GUID: 0vvtsl-Awq3_SB3mdApPPtj8EumsPPvb
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 impostorscore=0 suspectscore=0 clxscore=1015 mlxscore=0 lowpriorityscore=0 bulkscore=0 phishscore=0 adultscore=0 priorityscore=1501 mlxlogscore=882 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2412100112
Message-ID-Hash: UAFX3JRHCFXM7V56IQFRANND7MV5CAWD
X-Message-ID-Hash: UAFX3JRHCFXM7V56IQFRANND7MV5CAWD
X-MailFrom: rsalz@akamai.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/18eT9c9LAeqYqyZtlqEjfslPm4U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Considering the following two statements in I-D, I have two questions:

>   For TLS it is important to note that the focus of these efforts is

>   TLS 1.3 or later.  Put bluntly, post-quantum cryptography for TLS 1.2

>   WILL NOT be supported.

To me the two sentences are contradicting. Which one of the following is intended?

The second sentence is intended to be a clarification and emphasis of the first. I’m not aware of any TLS WG efforts to define PQC and register them for TLS 1.2 and I believe the WG assumption – perhaps unstated? – is that these things require and assume TLS 1.3.  It’s not just crypto suites, but also things like David Benjamin’s proposed keyshare draft, and other stuff. If you have a wording suggestion, I’d love to hear it.
1.      (My understanding from 2nd sentence) We will exclusively work on PQC for TLS 1.3 or later.

What does the capitalization of WILL NOT mean? I did not find any such capitalization in RFC 2119 and RFC 8174. Please add the relevant RFC in section 2 or define it.

2119/8174 doesn’t limit all other uses of uppercase letters :). It’s just for emphasis.

>   This

>   document specifies that outside of urgent security fixes, no new

>   features will be approved for TLS 1.2.
If the intention of draft was #2 above, cross-reading with this sentence, are we implying that PQC is not an urgent security issue?

Given our finite resources, regardless of the urgency of the issue, the IETF TLS WG is not spending effort to “fix” TLS 1.2 And this document is intended to inform the community of that.  So if you want to be PQ, step is one make sure you are using TLS 1.3

v2.31.3 | Report a Bug | By Email | System Status