Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Rob Sayre <sayrer@gmail.com> Mon, 07 October 2019 03:30 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAE3E12002F; Sun, 6 Oct 2019 20:30:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GbPmpKl3YV_y; Sun, 6 Oct 2019 20:30:53 -0700 (PDT)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E54112000F; Sun, 6 Oct 2019 20:30:53 -0700 (PDT)
Received: by mail-io1-xd2c.google.com with SMTP id z19so25576075ior.0; Sun, 06 Oct 2019 20:30:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gZHaxPQbtOOMoNhUOOAy8keZo5kZviyZNPQdQj54BM4=; b=EXBLac9srCle+7pX+lJh/u/RU5vC9dBtIzulDfhcr1pQQb3CmW351zcfA+cSwgTVOS x7VD7fW7u6GSdHN338WjQrWTTZaAnOAayeciw4FAaXOuY2EVz56+3NFooigr6YX52o5c f3HXL0keoHtNRvifSbIZXLoP85Cuk/Le34TiM4Za3a6TJhk4DYeLuFPcxlW7cF3y8JS4 ikGqwYA7txgW4I7qLdwZ+xPfzAplGi5FLYgouVfdyS98bKwpqfm5CU80o8tyhRznk4MR uTA31lx8n+Rtkc2GCziPT2Q8/+L7bvWp6KuOnbJGCs9IFV2cQJtn6zeloapLeX8+qdTM XV7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gZHaxPQbtOOMoNhUOOAy8keZo5kZviyZNPQdQj54BM4=; b=JNE5Oumlx93XYRPVHfkfRkWG6ZMamMsr6Q6WG2Zhl0zJiNAHtWknyPakZprcjEInMw RnL4HY0XyK1tbFCMTWzUqWjvbJVwf6Qw23Lg65ufqr/EX3ZqsFYb+ZigV4USWx6EOgX3 9A1LDdGzkElowK/hpY85bRy3PcobP7LZoC8XdXtqv/XA8b2tfoZPHnLfUCm9VcoKjSvm NoYz15/NR7pdBjpRH+Y/qJjVCbjPrL2TCfklgJjS+Quo0gjDbYqJFo1eNofJSwcYLluf dZ6hMOAVvPEDneHj01w618u0wNLOwWaqOFn8Zd5fHZWLzFotv14ccRIXfhkbXw3Gppd7 ARdA==
X-Gm-Message-State: APjAAAVMojubSPfE6RiskM2Tv++dGxXMJ4NNGSsVjwrKRmZbegZL/SEk QLpNCdWPSsZpmskUFnk5FHsUmMXFC4BkaZz0ilg=
X-Google-Smtp-Source: APXvYqyOLHhUbZcwy0XWpMsV/yVUHd9n+fp/jwmibiVpzyBiog5GNPd9OwtyDVZpB4pNpQsHOoR6xkiqHbjhT9NGI2I=
X-Received: by 2002:a92:ca8e:: with SMTP id t14mr27607801ilo.73.1570419052251; Sun, 06 Oct 2019 20:30:52 -0700 (PDT)
MIME-Version: 1.0
References: <156172485494.20653.307396745611384846.idtracker@ietfa.amsl.com> <989F828F-B427-47A6-A114-4EAEA67D43D7@ericsson.com> <CABcZeBOCzwLDEUyiqkDG0Qqaf652_+j1KBsJQJcJk2Lew_9wCw@mail.gmail.com> <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie> <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com> <149BDA3C-14CF-459F-90D4-5F53DBEF9808@iii.ca> <CAChr6Sx4AVjkoKWiD2-cT2ZBNg=mKzeOX603gVs0f7vQ_FgN7A@mail.gmail.com> <CABcZeBNOVOBifOSnWdxSDTLizUUUn6ctLrBT43CHK+4B7KWGiQ@mail.gmail.com> <CAChr6SzT3GqmidPbmVjmrZX=u1UpBee4e8K2C-zHuNHEqgB7uQ@mail.gmail.com> <20191006164205.GW6722@kduck.mit.edu>
In-Reply-To: <20191006164205.GW6722@kduck.mit.edu>
From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 7 Oct 2019 10:30:38 +0700
Message-ID: <CAChr6Sz3F5MqmPFK9tASoj=4eG4FDtUeK59ovO+bR5-u61RTww@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Eric Rescorla <ekr@rtfm.com>, Cullen Jennings <fluffy@iii.ca>, "tls@ietf.org" <tls@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, draft-ietf-rtcweb-security-arch.ad@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c210b6059449ad52"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7bVz3AJHkIJlzDtRNeuQf-Qw8X8>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 03:30:55 -0000

On Sun, Oct 6, 2019 at 11:42 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> >
> > Shouldn't there be an informative reference?
>
> I think that's largely a question for the sponsoring AD (CC'd) and the RFC
> Editor.
>

Well, I hope we can all agree that the document refers to an RFC without a
citation in the references section.


>
> My assumption (I was not following the work) is that it was a well-known
> fact among implementors at the time that some large implementations only
> implemented DTLS 1.0.  Accordingly, "might encounter interoperability
> issues" is a bland uncontroversial fact, in that context.
>

That was definitely the case in November 2018, when the text was added:
https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-rtcweb-security-arch-17.txt

Chrome tried and failed to remove DTLS 1.0 in April 2019:
https://bugs.chromium.org/p/webrtc/issues/detail?id=10261#c38

But now all major browsers are removing TLS 1.0 and 1.1 support in January
of 2020:
https://groups.google.com/forum/#!searchin/discuss-webrtc/dtls$201.0%7Csort:date/discuss-webrtc/Dsq_14_WoUk/U2vFXSYlCgAJ
https://security.googleblog.com/2018/10/modernizing-transport-security.html

So, it seems like endpoints that don't support DTLS 1.2 will soon be the
ones "encountering interoperability issues".

Not sure whether a change to draft-ietf-rtcweb-security-arch or an update
in draft-ietf-tls-oldversions-deprecate is better.

thanks,
Rob