Re: [TLS] How are we planning to deprecate TLS 1.2?

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 03 March 2023 21:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ba8isBLR42UpxkhjnhWVViIev8Y>

On Fri, Mar 03, 2023 at 09:37:48PM +0100, Bas Westerbaan wrote:
> >
> > And of course, we really
> > don't want to have to do major work on TLS 1.2, e.g. for Post-Quantum.
> >
> 
> More to the point, I'd say the post-quantum transition is the
> natural moment to move from ≤1.2 to 1.3.

Agreed.
 
> (TLS 1.2 and earlier are vulnerable to PQ -> classical downgrades
> during the transition because of CurveSwap like attacks.)

I would say that a much more severe problem is that TLS 1.2 group shares
are too small and the rest is not even close to how KEM operates. So
one would need to pretty much redefine the entire key exchange, which
is not a good idea.

Whereas TLS 1.3 group shares can be large enough, offering the trivial
extension to post-quantum.



-Ilari
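
The size limit behind "group shares are too small", as an added example that is not part of the original message: it assumes the remark refers to the ECDHE `ECPoint` of RFC 8422 (one-byte length prefix) versus the `KeyShareEntry` of RFC 8446 (two-byte length prefix). ML-KEM-768 sizes are taken from FIPS 203, the group id `0xFE00` is a private-use placeholder, and the shares are constructed zero bytes.

```python
import struct

# Wire-format limits from the RFCs (assumption: not quoted in the e-mail):
#   RFC 8422: struct { opaque point<1..2^8-1>; } ECPoint;
#   RFC 8446: struct { NamedGroup group;
#                      opaque key_exchange<1..2^16-1>; } KeyShareEntry;
TLS12_ECPOINT_MAX = 2**8 - 1
TLS13_KEY_EXCHANGE_MAX = 2**16 - 1
PLACEHOLDER_GROUP = 0xFE00  # private-use NamedGroup value, placeholder only

# Share sizes in bytes; the payloads built from them are constructed zeros.
SAMPLE_SHARES = {
    "x25519": 32,
    "secp256r1 uncompressed": 65,
    "ML-KEM-768 ciphertext (server -> client)": 1088,
    "ML-KEM-768 encapsulation key (client -> server)": 1184,
    "x25519 + ML-KEM-768 encapsulation key": 32 + 1184,
}

def encode_tls12_ecpoint(share: bytes) -> bytes:
    """Serialize a share as a TLS 1.2 ECPoint: 1-byte length, then the bytes."""
    if not 1 <= len(share) <= TLS12_ECPOINT_MAX:
        raise ValueError(f"{len(share)} bytes cannot be framed as ECPoint")
    return struct.pack("!B", len(share)) + share

def encode_tls13_key_share_entry(group: int, share: bytes) -> bytes:
    """Serialize a TLS 1.3 KeyShareEntry: group, 2-byte length, then the bytes."""
    if not 1 <= len(share) <= TLS13_KEY_EXCHANGE_MAX:
        raise ValueError(f"{len(share)} bytes cannot be framed as key_exchange")
    return struct.pack("!HH", group, len(share)) + share

def survey() -> dict:
    """Map each sample to (fits TLS 1.2 ECPoint, fits TLS 1.3 KeyShareEntry)."""
    encoders = (
        encode_tls12_ecpoint,
        lambda s: encode_tls13_key_share_entry(PLACEHOLDER_GROUP, s),
    )
    result = {}
    for name, size in SAMPLE_SHARES.items():
        fits = []
        for encode in encoders:
            try:
                encode(bytes(size))
                fits.append(True)
            except ValueError:
                fits.append(False)
        result[name] = tuple(fits)
    return result

if __name__ == "__main__":
    for name, (tls12, tls13) in survey().items():
        print(f"{name:50s} TLS1.2 ECPoint={tls12!s:5} TLS1.3 entry={tls13}")
```
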