IETF Logo Mail Archive

Re: [TLS] How are we planning to deprecate TLS 1.2?

Sean Turner <sean@sn3rd.com> Fri, 03 March 2023 19:25 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FD4AC14CF1D for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 11:25:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MMctx_nDI6rb for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 11:25:15 -0800 (PST)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2909C14CEE4 for <tls@ietf.org>; Fri, 3 Mar 2023 11:25:15 -0800 (PST)
Received: by mail-qt1-x82e.google.com with SMTP id l18so4097445qtp.1 for <tls@ietf.org>; Fri, 03 Mar 2023 11:25:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=MlbS3oEkk6YlhlGuAFyvfJ7dpG1Ah0Mih4WY3JUqkWA=; b=mALNmwHO3Lo4Vbm9lNqlwjY/JICqEBzACa9KhZ9dM4gRoRH4XLEMwZKyFcG7BccCLh QFhNuioTqxjyaiEuOGBFQ2HiRYLGl22UjtEv4JShssvEdJ38O2Va97VL2drrFQkKJbkp wILB8aW95lftoUK5vKON2w46lO2UqRcANLlhY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MlbS3oEkk6YlhlGuAFyvfJ7dpG1Ah0Mih4WY3JUqkWA=; b=Elzvvxlcp6i5EjjNLleetiso8tqvRy5iq1VubbnfBzmC5B6g3PNYdNRiJlVC6Uv40o dmoT+2zKmKqE+VGwqeZsotBT8mpNH0l7JgGSDE27zM43yMsL0Go5FZxTXsfPt7eqE0qy GxzzRoU5OspaQAY4YgIUWy8MEJKzt+UfFBUOxjSE9dra3n9DBWxUXqKMdW6uL2qRcS7Q HF04+1Q4N+sY5knuf8Noqo9CoAoAmyIfbQWBV7Qcm02Sv7gRwgqeKwS76JccJCNd6p/g yCzxjnhrwyR+HuGIV6L+mk9eUix4qW7qvnyf3p5RjtGd7SSyeHVgtYxN+R29akAKJ75r mQTg==
X-Gm-Message-State: AO0yUKW18MdCujeaIU/KVpN8DP9ugGg1WUP9QVzdZ8eBnko94zHVWm2A 1sHmpJ8xyQHQC1POELH3H8+0vg==
X-Google-Smtp-Source: AK7set/9wX47P/f1CAuI9V3R8LAud/7BClglJB1Ch+lUxfM1HOQwKaCGJx3czSnREi6S8TZu3yfo3Q==
X-Received: by 2002:a05:622a:64c:b0:3b6:3577:2fe7 with SMTP id a12-20020a05622a064c00b003b635772fe7mr4510250qtb.49.1677871514554; Fri, 03 Mar 2023 11:25:14 -0800 (PST)
Received: from smtpclient.apple (pool-68-238-162-47.washdc.fios.verizon.net. [68.238.162.47]) by smtp.gmail.com with ESMTPSA id g3-20020ac84b63000000b003b2d890752dsm2203006qts.88.2023.03.03.11.25.14 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2023 11:25:14 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.14\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CABcZeBORp+jpXe6pU+7bhn7wXwRuzvCiyjdYMf_nWkwt7jhpDw@mail.gmail.com>
Date: Fri, 03 Mar 2023 14:25:13 -0500
Cc: Nimrod Aviram <nimrod.aviram@gmail.com>, TLS List <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1EDA94E9-C783-4B72-8858-422BC40548DC@sn3rd.com>
References: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com> <CABcZeBORp+jpXe6pU+7bhn7wXwRuzvCiyjdYMf_nWkwt7jhpDw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3654.120.0.1.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6lAuMVNzwi3BRe90yB84gffaWwo>
Subject: Re: [TLS] How are we planning to deprecate TLS 1.2?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Mar 2023 19:25:19 -0000

just want to point of out that at least in the IETF that RFC 9325 [1] was recently published.

spt

[1] https://datatracker.ietf.org/doc/rfc9325/

> On Mar 3, 2023, at 13:40, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> Nimrod,
> 
> Thanks for bringing this up. I don't think we really have had much of a discussion.
> 
> I *do* think we should be thinking about deprecating TLS 1.2 at some point, not so much because
> it is bad (though of course we believe TLS 1.3 is better)  but because it's better to just have
> one thing that we work on and not have to reason about/work on TLS 1.2. And of course, we really
> don't want to have to do major work on TLS 1.2, e.g. for Post-Quantum.
> 
> I don't have strong feelings about the timeline.
> 
> -Ekr
> 
> 
> 
> 
> On Fri, Mar 3, 2023 at 10:18 AM Nimrod Aviram <nimrod.aviram@gmail.com> wrote:
> Hi Everyone,
> 
> We’ve recently had a brief side discussion around the issue of letting vendors (or operators) know when something is expected to be deprecated:
> https://mailarchive.ietf.org/arch/msg/tls/Djk35kp5P5Z1WfmN8_OJj_eYRLo/
> 
> Currently, there is no expected deprecation timeline for any specific primitive or protocol version. As one example, it seems like we plan to deprecate RSA key exchange in TLS 1.2 soon (as part of draft-ietf-tls-deprecate-obsolete-kex). However, so far we did not explicitly communicate this to vendors, and it seems like vendors either have to follow the mailing list and deduce the likelihood of an upcoming deprecation, or face a deprecation RFC at some random point in time (from their point of view).
> 
> And whatever the specifics of RSA key exchange deprecation, this will likely not be the last time we deprecate something :-)
> 
> Specifically, we will have to decide when/if to deprecate version 1.2 of TLS within, say, the next 20 years.
> 
> One possible solution is to publish “expected deprecation timeline” documents:
> Let’s fix some timeframe which “is enough for everyone to upgrade at least once” (famous last words, I know). I think of this timeframe as 3 or 5 years, but it could as well be 8 or 10 years, and this solution would still be viable; let’s denote the number of years as X. So, an “expected deprecation timeline” document could specify that within X years, implementations MUST support TLS 1.3, and within 2X years, implementations MUST NOT support TLS 1.2. (If X=8 years, then we specify that by 2031 implementations MUST support TLS 1.3, and by 2039 implementations MUST NOT support TLS 1.2.) This would clarify the WG’s expectations to vendors, and would save the WG valuable time discussing whether enough implementations in the field support the new protocol/primitive.
> 
> Is there interest here in such a solution?
> 
> Credit where it’s due: This is based on an idea I heard from Dan Bernstein - thanks Dan.
> 
> Best,
> Nimrod
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email