Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Sat, 14 July 2018 16:59 UTC
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, nalini elkins <nalini.elkins@e-dco.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4Nostd9NZAso-uX8ptzuq_sUfzw>

>>> I'd encourage you to try get people to be open about
>>> things here - there's no particular shame in having 10% TLSv1.0
>>> sessions after all:-)
>>
>> It isn't a question of shame but it is just a bit too much information
>> to provide a potential adversary. That is, to say that Stock Exchange XYZ
>> has n% of TLS1.0 clients provides a potential attacker too much
>> information.
>
> Not sure I agree there tbh. If they're externally visible
> services, then it's public already. If they're not, and the
> attacker is inside the n/w, then the bad actor can find it
> out then. But I do understand organisations being shy about
> such things.
>

Having gone through this exercise recently, I agree with Nalini on why
people would not want to report openly. For a typical enterprise, 10%
TLS 1.0 in the internal network could well mean that 10% of your servers
are Java boxes that have not been updated in the last two years (and so
are riddled with vulnerabilities that are much more severe than the old
TLS version). Absolutely a good reason to be ashamed :-) and certainly
not information that you'd want to share openly.

Thanks,
	Yaron