Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt
Artyom Gavrichenkov <ximaera@gmail.com> Sun, 19 August 2018 21:23 UTC
References: <152934875755.3094.4484881874912460528.idtracker@ietfa.amsl.com> <CAHbuEH5J-F2cKag02Vx416jsy1N6XZOju28H99WAt71Pc5optg@mail.gmail.com> <CALZ3u+Y0pcfbM3+jLSAsux9NpKgAKeYfV8p282jnpAgobBbSLw@mail.gmail.com> <84460734-cfd5-e66e-f242-e72b10589d56@cs.tcd.ie>
In-Reply-To: <84460734-cfd5-e66e-f242-e72b10589d56@cs.tcd.ie>
From: Artyom Gavrichenkov <ximaera@gmail.com>
Date: Mon, 20 Aug 2018 00:22:59 +0300
Message-ID: <CALZ3u+a5SPtatPaaoCb5u48cXkK3pvruHPctUEV0Jk8BCr=N6Q@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7YG-eYwnS1gl8WxI50ctkC6oS2Q>
Good day!

On Sun, Aug 19, 2018 at 3:01 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 1. The bit you quote above is incomplete

Yep, but the rest of the paragraph just outlines *recommendations* (or, even better, 'encouragements'), while the draft states that "PCI Council [is] deprecating TLSv1.0 and TLSv1.1 by June 30, 2018". In the PCI world, *deprecation* is commonly thought to be a *requirement*, not a recommendation. It is *not recommended* to use TLSv1.1 (and TLSv1.2) already, just by virtue of the fact that a more up-to-date spec version exists.

My point here is that this wording is not, strictly speaking, correct -- so far, as a matter of fact. (In fact, PCI DSS even still allows usage of SSLv3 under certain circumstances -- e.g. POS/POI -- but said circumstances are strict enough for us to conveniently omit mentioning those.)

> 2. Use of TLSv1.1 seems to be almost non-existent. See the figures
> in the -01 draft for some detail [..]

Maybe, but this is irrelevant to the concern I've raised. If you want PCI SSC to deprecate TLSv1.1 just because enterprise networks are not using it, the right way to do it is to share the data with the SSC along with the research methodology and let them decide.

By the way, at least one issue with the research data referred to in draft-diediedie-01 which I'm aware of is that the researchers were hunting for an open 443/tcp port only, while enterprises have a practice of moving deprecated services they somehow cannot get rid of to different ports, like 4443, 4433, 8443 and so on.

To make it absolutely clear, I'm not criticizing the methodology now; however, I just want to raise a concern that if PCI SSC somehow decided to deprecate v1.0 (far ahead of the IETF) but still keep v1.1, then, *maybe*, they had at some point in time a strong reason to do so.

It's entirely fine to ignore their preferences and let PCI SSC 'catch up' without quoting them as a reference, or, vice versa, it's okay to quote the SSC while sticking to their actual suggestions.

Just in case: I'm not in any way against draft-diediedie. I support it, which is why I've voted for the WG adoption before posting this to the mailing list. I'm just a nerd who wants the document to be consistent for that matter, and that's it.

-- 
Töma