Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt

Eric Rescorla <ekr@rtfm.com> Wed, 11 July 2018 13:06 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D45F130DF3 for <tls@ietfa.amsl.com>; Wed, 11 Jul 2018 06:06:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVVD4xdiof9u for <tls@ietfa.amsl.com>; Wed, 11 Jul 2018 06:06:45 -0700 (PDT)
Received: from mail-yw0-x229.google.com (mail-yw0-x229.google.com [IPv6:2607:f8b0:4002:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D24B130E0D for <tls@ietf.org>; Wed, 11 Jul 2018 06:06:45 -0700 (PDT)
Received: by mail-yw0-x229.google.com with SMTP id r184-v6so3723099ywg.6 for <tls@ietf.org>; Wed, 11 Jul 2018 06:06:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IKB1ps57/QT8GDfoHDbQ4rkeYKLyLnndWA/u8YoAxNU=; b=N9DeovBnkz9W6qnJkALdS23GI5Uw8gey2nf1K75ykRWj7cqiliYAAVcaCCjIG40SnY wvdB/YyNR2/xEUD0+KoRhX4NHpGlHEb+XvxlBpOEAsshvumi8Wt9CGBlnCn6aVjQ386+ RXsJ8L+086PD5bHt/8yU9lBSsxO7iuYO+y+PiQyX3EBskffBo8EyWgs83g7F7+44uCIu veifFCOk9oClPLy4LRMhRIfNZOGfBk7Xf2rIeSZkNQfoxPWDAKbsbjanBXyaCupsbjhJ F/uTKL1ccW1kSMiz2GZN/dm8gBH609kivTaR5pGVUVQMGsVFhfBNPKrWj2sRAHG9HeKq CktQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IKB1ps57/QT8GDfoHDbQ4rkeYKLyLnndWA/u8YoAxNU=; b=FqlO5ApzwF9LLDPFKc+FGHhY/SCBC4FqSUbbL1aUIAeIm8WIT2YUhTmIdb54ShFY0F lfnujsoMjC+sb07Xqy9NivWxNnaLdiXuuULppXFq+dRoJEz57X5XCxtHsQp/CRR9hvv2 g1F5ZzmTPkveLNnVdV1m6mIm+zfjYGKygiuKbhFoce/fqA0lizwJU98mcsQEv354ME0H XZrx1eCznVzb/3GD6vdgamJ+KO1YtS1u+cHOSO4h4/oTUhalbbtw4LPJdqyewAeAP7wS 8ka6C8fWu8eifBPoxXv79VrpVUY4IsV16Ne+dvpbpiQGvAaZ8yT3qDpiGeMhRGI++ef1 21TA==
X-Gm-Message-State: AOUpUlHdoz52usPivjFjEAAKlnKLwPTxBulNyBOGE+leJ3yc1FoLRK6n qg2jBgVJWQLDmPIBNqhCr2h/K6wnDx7MuBMW0dqpEgLY
X-Google-Smtp-Source: AAOMgpe2OFt+1o5/MuKQlvMlwgOHpdnW6GwS/R67UfHSVC4lAaIsATggQyJeUBL19oI+F6CN0Hr0Jx9hx1d8dshGMtU=
X-Received: by 2002:a81:2202:: with SMTP id i2-v6mr2896107ywi.167.1531314404768; Wed, 11 Jul 2018 06:06:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a81:6b83:0:0:0:0:0 with HTTP; Wed, 11 Jul 2018 06:06:04 -0700 (PDT)
In-Reply-To: <e669c670-fa21-4df2-4098-4e0eb218f4b5@cs.tcd.ie>
References: <152934875755.3094.4484881874912460528.idtracker@ietfa.amsl.com> <CAHbuEH5J-F2cKag02Vx416jsy1N6XZOju28H99WAt71Pc5optg@mail.gmail.com> <CABcZeBN4RPt_=zu-PTPeaYbQ4KxC8DAf=a7359pZDjYavpxecw@mail.gmail.com> <CABcZeBMzweULuOfxe_Dp7n6M7Lt77_1Qq92=KzfmuBeShUSCDQ@mail.gmail.com> <CY4PR21MB0774BE80A4424D41D0C8C4138C440@CY4PR21MB0774.namprd21.prod.outlook.com> <CAPsNn2U-WqPM-Tqun4NQkhy+ctpkdjkXj_dFurChKDB3f=WqRA@mail.gmail.com> <2ad88b61-aa3c-88d4-dfef-bcd78eeeeeca@cs.tcd.ie> <CAPsNn2UyQMEnS7y-Vgpt7j7c_z38OyhPgguvD7m54yVT013u6g@mail.gmail.com> <e669c670-fa21-4df2-4098-4e0eb218f4b5@cs.tcd.ie>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 11 Jul 2018 06:06:04 -0700
Message-ID: <CABcZeBPy7Y-3zXLoy1QFkLXHG7_WTxWBNmMw9QeY+iT+eyfPEQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: nalini elkins <nalini.elkins@e-dco.com>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000022d1b60570b8eb2f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2rvbRM7x7vbkDacW63O-CwCHqDY>
Subject: Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 13:06:49 -0000

I'd like to distinguish between two different questions:

1. Whether or not the IETF should recommend that people stop using older
versions of TLS.
2. Whether or not vendors should stop accepting/supporting older versions
of TLS.

The former one of these is just exhorting people to stop, which people can
comply with or not. The latter has real impact, especially for something
like a browser where ou (and counterparties) just get involuntarily
upgraded.

In the latter situation, we need to be pretty sensitive to wide use to
avoid bricking people. In the former situation, however, part of the
purpose of the IETF deprecating these protocols is to tell people who
haven't gotten off that we think they should, and that's a judgement partly
driven by uses (otherwise you look silly) but not entirely so. Given that
there is a good alternative (i.e., TLS 1.2) that's straightforward to
deploy, I'm not sure that the fact that a lot of people are running downrev
versions means we shouldn't say that the IETF no longer considers that good.

-Ekr


On Wed, Jul 11, 2018 at 2:50 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie>;
wrote:

>
> Hiya,
>
> On 11/07/18 06:45, nalini elkins wrote:
> >  Stephen,
> >
> >> I'd love to add more detail like that and/or more sections for other
> > protocols if folks have data to offer with references.
> >
> > I believe that I can reach out to various people I know.   Please comment
> > if my methodology is acceptable and if you think this will be helpful.
>
> It's not whether the methodology is acceptable to me or not
> but whether or not the references to the numbers are credible
> for readers:-)
>
> A few comment below,
>
> >
> > I am thinking the following:
> >
> > Location: U.S. / Canada (possibly U.K.)
> >
> > -  3 banks (hopefully from the top 5)
> > -  3 large insurance companies  (includes back end processing)
> > -  3 U.S. federal government agencies
> > -  3 companies in the Wall Street / Stock brokerage sector (includes back
> > end processing)
> > -  3 large credit card / processors (ex. Visa, Discover, MasterCard,
> etc.)
> > -  3 in the retail sector (Home Depot, Target, Lowes, et al)
>
> Those are pretty small numbers unless they're interacting with
> a lot of TLS services. It'd be hard to know if they'd be
> representative of something or not if they're anonymised in the
> results. I'd encourage you to try get people to be open about
> things here - there's no particular shame in having 10% TLSv1.0
> sessions after all:-)
>
> >
> > Note: I put in "back end processing" because these are the folks that
> most
> > often have many connections to other business partners and so in some
> ways
> > have the most complex systems to deal with.
> >
> > Note #2:  This is aspirational!  I hope I can get all these people to
> > cooperate.  I will try at least to get some in each category.
> >
> >
> > I will ask them the following questions:
> >
> > 1.  How many applications do you have?  (This may end up being only the
> > mission critical ones as otherwise it may be too hard to obtain.)
>
> I'm not sure that's so interesting for this question. And I'm not
> sure that different people would count things as applications in
> the same way.
>
> > 2.   How many are using TLS and how many are still plain text?  (We will
> > disregard SSH and other such variants.)
>
> Again, that's not so interesting here.
>
> > 3.   What percent of clients are using a pre-TLS1.2 version?  (This will
> be
> > an estimation.
> I don't see why this needs to be estimated, this is kinda the key
> measurement needed and easy to measure. There should be no need for
> anyone to stick their thumb in the air for this:-)
>
> It'd be good to distinguish TLSv1.0 from TLSv1.1 (and SSLv3 and
> TLSv1.3) and to say for how many TLS sessions or hosts/IPs the
> figures apply.
>
> And of course providing as much context as possible so that it's
> possible to understand the numbers and whether or not the numbers
> from different sources are based on the same or different kinds of
> measurement.
>
> >
> > 4.   Do you have an active project to migrate off of older versions of
> TLS?
>
> Sure.
>
> >
> > 5.   What do you estimate your percent of clients using pre-TLS1.2
> versions
> > to be next year?
>
> I don't see how this'd be so useful. Aaking about the historic and
> current rates of change of use of the various protocol versions would
> be good though if people have that, but they may not.
>
> S.
>
> >
> >
> > Please let me know if this will be of use & if you have suggestions for
> > improvement.
> >
> > Thanks,
> > Nalini
> >
> >
> >
> >
> > On Tue, Jul 10, 2018 at 1:51 PM, Stephen Farrell <
> stephen.farrell@cs.tcd.ie>;
> > wrote:
> >
> >>
> >> Hi Nalini,
> >>
> >> On 10/07/18 04:50, nalini elkins wrote:
> >>> It would be nice to see some of this reflected in the draft rather than
> >>> only statistics on browsers.   The real usage of these protocols is far
> >>> more complex.
> >>
> >> I didn't have time before the I-D cutoff but have since
> >> added a section on mail to the repo pre-01 version. (See
> >> [1] section 3.2.) I'd love to add more detail like that
> >> and/or more sections for other protocols if folks have
> >> data to offer with references.
> >>
> >> Consistent with other folks' numbers sent to the list
> >> yesterday, (though based on a much smaller sat of data I
> >> guess;-) my data shows 10.6% use of TLSv1.0 when talking
> >> SMTP/IMAP/POP (or HTTP) over TLS to a population of ~200K
> >> IP addresses that listen on port 25 (mail servers).
> >>
> >> What I don't currently have is a rate of change for that
> >> figure. I think that rate of change is the important number
> >> for figuring out what to do in the next while. E.g. The
> >> WG might conclude that if the percentage of TLSv1.0 is
> >> moving down nicely, we should be a bit patient. If it's
> >> not moving at all, we can probably move now or in 5 years
> >> without that being different. If we're not sure, then get
> >> more data...
> >>
> >> Cheers,
> >> S.
> >>
> >> [1]
> >> https://github.com/sftcd/tls-oldversions-diediedie/blob/mast
> >> er/draft-moriarty-tls-oldversions-diediedie.txt
> >>
> >
> >
> >
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>