Re: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-01.txt

Julien ÉLIE <julien@trigofacile.com> Fri, 08 March 2019 19:31 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, tls@ietf.org
References: <154165491176.26419.11906807559515385277@ietfa.amsl.com> <62386296-c674-44ef-65b0-e3ced823eb92@cs.tcd.ie> <b5a4aa40-d169-cc26-afa5-2600274fdbcb@trigofacile.com> <80e995af-6fbc-fd96-6aec-586ac6b91e87@cs.tcd.ie>
From: Julien ÉLIE <julien@trigofacile.com>
Organization: TrigoFACILE -- http://www.trigofacile.com/
Message-ID: <82df11e9-d689-1a70-66c2-63b15b1fdc62@trigofacile.com>
Date: Fri, 08 Mar 2019 20:31:21 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7RUrEeM49z2Xg_2h1H7iEQJO8uE>

Hi Stephen,
>> That's why I suggest draft-ietf-tls-oldversions-deprecate does not
>> update RFC 4642.  It is no longer useful.
>> Are you OK with this analysis?
> 
> Sorta:-) I think these are overlapping but not quite
> identical updates. E.g. IIUC 8143 doesn't say to not
> use TLSv1.1. I added the sentence below to the editor's
> copy [1], but happy to do something else if I'm wrong,
> which is entirely possible;-)

RFC 8143 (updating RFC 4642) states in Section 3:

    The best current practices documented in [BCP195] apply here.
    Therefore, NNTP implementations and deployments compliant with this
    document are REQUIRED to comply with [BCP195] as well.

And RFC 7525 (belonging to BCP 195) states in Section 3.1.1:

    o  Implementations SHOULD NOT negotiate TLS version 1.1
    [...]
    o  Implementations MUST support TLS 1.2 [RFC5246] and MUST prefer to
       negotiate TLS version 1.2 over earlier versions of TLS.

That's why I thought RFC 8143 was already requiring not to use TLS 1.1.



Incidentally, in the Abstract of draft-ietf-tls-oldversions-deprecate, 
it is said that this document updates RFC 7525, but RFC 7525 does not 
appear in the Updates list.  Shouldn't it be added?

-- 
Julien ÉLIE

"Laughter is a serious thing with which one must not
   joke." (Raymond Devos)