Re: [TLS] Un-deprecating everything TLS 1.2

"Salz, Rich" <rsalz@akamai.com> Sun, 04 October 2020 22:02 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Michael D'Errico <mike-list@pobox.com>, TLS List <tls@ietf.org>
Date: Sun, 4 Oct 2020 22:02:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2KrYI59yNJ_8d1I7APQIEhYfzpw>

Mike,

I suggest you make sure you understand the analyses (plural) that have been done. You are very far in the minority here. Even some folks say "we don't need these features," but nobody else has said "this is not secure."

This is not to say that the RFC could not be improved, and gain clarity.  There is a 1.3 update RFC likely to be adopted by the WG soon, and if you find things unclear in 8446, opening issues could help.