Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Eric Rescorla <ekr@rtfm.com> Sun, 06 October 2019 18:27 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B458A120074 for <tls@ietfa.amsl.com>; Sun, 6 Oct 2019 11:27:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S52fsXyBZjgj for <tls@ietfa.amsl.com>; Sun, 6 Oct 2019 11:27:42 -0700 (PDT)
Received: from mail-lf1-x141.google.com (mail-lf1-x141.google.com [IPv6:2a00:1450:4864:20::141]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8FA1120048 for <tls@ietf.org>; Sun, 6 Oct 2019 11:27:41 -0700 (PDT)
Received: by mail-lf1-x141.google.com with SMTP id u3so7666902lfl.10 for <tls@ietf.org>; Sun, 06 Oct 2019 11:27:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=a+QAMxMopmJi+OKppZ7b0WFyxfqmShZWnzf8TWTrcVY=; b=Lz1BsxaID12KjnenYR0R9N2+GqamBWMrqg3GHxitDAPmp4e1pRQ3qf00pGKwTOELU8 q6vqsR/WfEiUVXQYio0JvJXr22EgL9UWVnrRYwd49zgKLC7H55oILSLFCehyWK6fqdtc Fhak2oT9DfmKdvCf3e4yHvE0C2kgQ8aGv13FvTHXbubk1MmAsDomM/h04msglPkPBp4j BWislSImbWh/57qn6KEnc50XItHvMqlGUv6raRD653ZI3LnJekLwB24c3KsnSKqp/e8L DI/zuIGNL8zjhcABpBzpH0rNFAhFKbL5tS6RAkFGT3S0v2Jak+lhxzZiInu0+7WD7n29 splw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=a+QAMxMopmJi+OKppZ7b0WFyxfqmShZWnzf8TWTrcVY=; b=qRUEfdleliNJ7J+G4glFFHqQ2GgNOLpsBEv7ZM5cb+SbO5jXK59RJbRHQ7A9ZB2Dll 2RMyhI279x/tMnazSw+V8EkFzCSzEImQtqIfxf6k6C53enZzkyD4v3UKlMcv38MFeuni 3BVhiznxCkBnZccKkqcOxqblipvZm25wSN8e0wzft0RCqW1b2p9pS47oD1ylmcrjexbl KWP7JEtx3l5HNgatnJeoZyHN+Jbh+UShlRuzZnhYSXraEtdCsZUhlzb8wYVbIBdQ/+2N B9P5dDAnj+S0mKEpmfY2MQ2KWTfTbUVxOPO99QwTz6qgEay6u6ebjh4n921OW6ngvpzS kysA==
X-Gm-Message-State: APjAAAVw200forSRJ1z9bfpLZrZpdssmCG4qlK6PnEHQt+0bv1jLwsOA UjLy7KJtdNkWL+9ppnOlwB67Koup64WJX9vp0zbkhg==
X-Google-Smtp-Source: APXvYqxGPWuVhuUyX962ipAB/4AfebRr22JBpLKXDtGOO4o1MIzxlGPfDojyGLyl5cnQculXotA5ec29lNkWUuU6QxI=
X-Received: by 2002:a19:6a09:: with SMTP id u9mr6155868lfu.91.1570386460215; Sun, 06 Oct 2019 11:27:40 -0700 (PDT)
MIME-Version: 1.0
References: <156172485494.20653.307396745611384846.idtracker@ietfa.amsl.com> <989F828F-B427-47A6-A114-4EAEA67D43D7@ericsson.com> <CABcZeBOCzwLDEUyiqkDG0Qqaf652_+j1KBsJQJcJk2Lew_9wCw@mail.gmail.com> <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie> <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com> <149BDA3C-14CF-459F-90D4-5F53DBEF9808@iii.ca> <CAChr6Sx4AVjkoKWiD2-cT2ZBNg=mKzeOX603gVs0f7vQ_FgN7A@mail.gmail.com> <CABcZeBNOVOBifOSnWdxSDTLizUUUn6ctLrBT43CHK+4B7KWGiQ@mail.gmail.com> <CAChr6SzT3GqmidPbmVjmrZX=u1UpBee4e8K2C-zHuNHEqgB7uQ@mail.gmail.com> <20191006164205.GW6722@kduck.mit.edu>
In-Reply-To: <20191006164205.GW6722@kduck.mit.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 6 Oct 2019 11:27:03 -0700
Message-ID: <CABcZeBO7iy49oxWzZM+AxLwRgnpiM-BnEUiwCPyo_6jzQvTLKg@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Rob Sayre <sayrer@gmail.com>, Cullen Jennings <fluffy@iii.ca>, "tls@ietf.org" <tls@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, draft-ietf-rtcweb-security-arch.ad@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001f23da05944217e4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BT1qmq9d_pDYt09WEWIjjd0sT0Q>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Oct 2019 18:27:45 -0000

On Sun, Oct 6, 2019 at 9:42 AM Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Fri, Oct 04, 2019 at 09:57:53PM +0700, Rob Sayre wrote:
> > On Fri, Oct 4, 2019 at 9:48 PM Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > >
> > >
> > > On Fri, Oct 4, 2019 at 7:43 AM Rob Sayre <sayrer@gmail.com> wrote:
> > >
> > >> On Fri, Oct 4, 2019 at 9:08 PM Cullen Jennings <fluffy@iii.ca> wrote:
> > >>
> > >>>
> > >>> I do not think you have consensus for that change to WebRTC - it was
> > >>> discussed extensively. ...
> > >>>
> > >>
> > >>  While that may be true, readers of this list might want to read a
> > >> rationale, rather than just the results of a negotiation. Is there a
> > >> rationale somewhere?
> > >>
> > >> It seems strange to put DTLS 1.0 (based on TLS 1.1) into new
> documents.
> > >>
> > >
> > > A few points.
> > >
> > > 1. It doesn't pull it in. There's no reference and there's just an
> > > informative statement.
> > >
> >
> > Shouldn't there be an informative reference?
>
> I think that's largely a question for the sponsoring AD (CC'd) and the RFC
> Editor.
>
> >
> > > 2. There is a rationale. In fact, the relevant text pretty much is all
> > > rationale.
> > >
> > >    All Implementations MUST support DTLS 1.2 with the
> > >    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
> > >    curve [FIPS186 <
> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20#ref-FIPS186>]t;].
> Earlier drafts of this specification required DTLS
> > >    1.0 with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, and
> > >    at the time of this writing some implementations do not support DTLS
> > >    1.2; endpoints which support only DTLS 1.2 might encounter
> > >    interoperability issues.
> > >
> > >
> > Yes, I read this section and I was wondering what the rationale was for
> the
> > text: "endpoints which support only DTLS 1.2 might encounter
> > interoperability issues." Is there some data behind this? I'm not
> > suggesting a change in the draft without more information, but I do
> wonder
> > how the WG came to agree on this text.
>
> My assumption (I was not following the work) is that it was a well-known
> fact among implementors at the time that some large implementations only
> implemented DTLS 1.0.


Yes, though I don't have data on it.


Accordingly, "might encounter interoperability
> issues" is a bland uncontroversial fact, in that context.  It's not clear
> to me that we are adding much value revisiting the rtcweb WG's decisions
> over here on the TLS WG without getting input from rtcweb about why they
> put it that way in the first place...
>

Fortunately, the WGs share a chair, so perhaps that chair could provide the
minutes, etc. :)

-Ekr


> -Ben
>