Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

"Ackermann, Michael" <MAckermann@bcbsm.com> Fri, 04 December 2020 16:20 UTC

From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "BRUNGARD, DEBORAH A" <db3546@att.com>, Rob Sayre <sayrer@gmail.com>
CC: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "STARK, BARBARA H" <bs7652@att.com>, Watson Ladd <watsonbladd@gmail.com>, "draft-ietf-tls-oldversions-deprecate@ietf.org" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 4 Dec 2020 15:41:07 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Q0BKGOB6tLYXEJDcUbfdnJi2waU>

Thanks Stephen

And I would agree that I or no one else can effectively, officially or otherwise represent ALL ENTERPRISES. In many cases (as I think you have witnessed), the very few of us who have shown up at IETF are even frequently reluctant to represent our OWN Enterprise officially, due to many "Non Technical" factors. Unfortunate, but yet another reality of dealing with most large corporations and other large orgs.

But I can say that most large Enterprises are VERY similar in architecture, operation, products, and most of all the issues we seem to face. We are even MORE similar (scarily so), within particular industry categories. So there will be a good opportunity to get a pretty realistic view of Enterprise requirements, use cases, issues, etc., if IETF wants that, which I hope they do.

Thanks again

Mike


-----Original Message-----
From: Stephen Farrell <stephen.farrell@cs.tcd.ie> 
Sent: Friday, December 4, 2020 10:22 AM
To: Ackermann, Michael <MAckermann@bcbsm.com>; BRUNGARD, DEBORAH A <db3546@att.com>; Rob Sayre <sayrer@gmail.com>
Cc: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>; Peter Gutmann <pgut001@cs.auckland.ac.nz>; STARK, BARBARA H <bs7652@att.com>; Watson Ladd <watsonbladd@gmail.com>; draft-ietf-tls-oldversions-deprecate@ietf.org; last-call@ietf.org; tls-chairs@ietf.org; tls@ietf.org
Subject: Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice


Hi Michael,

On 04/12/2020 15:14, Ackermann, Michael wrote:

> We (Enterprises) are not as involved as we should be in IETF, and that 
> is our own problem/fault. What I think irritates people like Stephen,

I'm not irritated at all:-)

> is that there have been situations where we finally try to get 
> involved and provide input/use cases, etc., but at the 11th hour or 
> after the ship has pretty much sailed.

Getting involved late is just something that happens when one first gets involved in any new thing so is entirely ok.

If I was irritated (and I'm still not:-), what would have caused that would be a claim that someone somehow represents all "Enterprises" and that nobody else has a clue what may be needed for such networks. I don't buy that at all and I guess never will, because it just isn't correct.

Cheers,
S.


> 
> So as you say Deborah, I very much want to get more Enterprises 
> involved in IETF initiatives,  but beyond that, being involved up 
> front in the process (perhaps even making positive contributions OMG),  
> rather than only whining about deployment/operational issues
> on the back end.   (or explaining why they exist, which is
> essentially what I was doing on this issue ☹).
> 
> How to accomplish this is a challenge and I think that is what Barbara 
> suggested taking off to the other list.
> 

