Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

John Mattsson <john.mattsson@ericsson.com> Wed, 02 October 2019 14:45 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADEFF1200CE; Wed, 2 Oct 2019 07:45:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kbZGlb9HDw09; Wed, 2 Oct 2019 07:45:12 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80088.outbound.protection.outlook.com [40.107.8.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8C681200B6; Wed, 2 Oct 2019 07:45:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nvmq99ePRke6toMhAhf+WrW5QUnslhxVB16OTu8RMPHGHF8OYa61kD0RdKnyYjvXX2gz6oGVQlzT7Ot8/hQr1mDWYzc4ciN1hZWAdWrHqMZM5XefqOH7/QR+IeaFKFGLWdU7n9IoIKdwtCx3XC0iY2wDPOgIW4ZZfVTZn9feC4cQgbn05GM22ypiMl9a22cq8PE2bKWLhLXnjJIcIWk0YQcSBhOwwuJzC1WayUhq3MyCpwRRUTrpa++gNnznMQep1npxXxSnIVB0aElNqbdu0ADvBzn7mWT6ll8StJVEp8P4efa6XCJfN6iDexT5zG2azaMQlI+SNGhl/FyMI2L4Qg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k8HKnh7f8FvCncxW8ti0IdU+HvUWr1sPThZ0w+w97ss=; b=C8GuBre7Iamfty2haHhX8U9kMyo8whYli+PAFrhi0OnUDhAgV/RiENRyBa9HBqnda9xXON2C9SKTV6FPS+aq44wflACFQdGcXzV+R401La2O1qUSYIb7eG1KvY6fYm5dD00vf4JRdrLZoWSeConX+OLwrI7FnnuUZpgwV1Alm9L7jUE3TMQeKO/TvFzDXOw+TW1ZfKfB1VISJgT2QN1ewa+cyGrvT+N+yyZE+HdXdHn9YptAvUuFfhFvf2or2fvjeFymHBoCmJ3ZLr8NWkxFqaRA7hnq2fKIytu0jo1Zx8ED9Ff/EMUmkuXUykiGMkSjnRfjzgXZ3f1yuvqh3XNRTA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k8HKnh7f8FvCncxW8ti0IdU+HvUWr1sPThZ0w+w97ss=; b=mVpovkZih61wJwwkFxIjxbwqyvhCqMejTbuPg39DV8bGqsQLkpR4pD69fFtlomVCZ8qVKkLZBZ5lDeR6cUJjniJeDX3P45iX64tGAUiMTmAwsu/i6rTzzVjeZ1gNVZh50RHRARqosUI+1I2DMJq7oA9f7xHmp4fxlMf5moqWZzw=
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB3132.eurprd07.prod.outlook.com (10.170.242.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.15; Wed, 2 Oct 2019 14:45:08 +0000
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2305.017; Wed, 2 Oct 2019 14:45:08 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Sean Turner <sean@sn3rd.com>
CC: Sean Turner via Datatracker <noreply@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, IESG Secretary <iesg-secretary@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
Thread-Index: AQHVLbNwka9w/WHllUqjsaoZBuXNvKdGI6+AgACqmwCAAR2pgIAAAOyAgAA5OQA=
Date: Wed, 2 Oct 2019 14:45:08 +0000
Message-ID: <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com>
References: <156172485494.20653.307396745611384846.idtracker@ietfa.amsl.com> <989F828F-B427-47A6-A114-4EAEA67D43D7@ericsson.com> <CABcZeBOCzwLDEUyiqkDG0Qqaf652_+j1KBsJQJcJk2Lew_9wCw@mail.gmail.com> <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie>
In-Reply-To: <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [192.176.1.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: fb3366c8-df7d-4292-817e-08d747471f36
x-ms-traffictypediagnostic: HE1PR07MB3132:
x-microsoft-antispam-prvs: <HE1PR07MB313253DE75CB378BE24C2B3D899C0@HE1PR07MB3132.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0178184651
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(136003)(376002)(396003)(39860400002)(346002)(51444003)(189003)(199004)(6512007)(6436002)(186003)(256004)(76176011)(4326008)(305945005)(6506007)(7736002)(6486002)(6246003)(102836004)(446003)(99286004)(476003)(2616005)(486006)(11346002)(44832011)(26005)(33656002)(5660300002)(36756003)(54906003)(8936002)(81166006)(81156014)(6116002)(71190400001)(3846002)(58126008)(110136005)(316002)(296002)(66066001)(8676002)(86362001)(478600001)(25786009)(14454004)(76116006)(66946007)(14444005)(66476007)(2906002)(66446008)(71200400001)(64756008)(66556008)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3132; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: z3cDL0fRWymXpy9RV3vNhgNHmLRyWLLpW/rBP5Lel0eY7u0Ct5L7INVnHrWBhMLuMJkShUrh6Vn9xSt/O3/5aKgZDtelB4TE/Qx9rI4Nnq9Ci6hxpERbPWxGiojEDSL2wtUX/vUzBAuZUpPnUXl9rMx1pVpxGPAziPzjGyrprRKPxjebT0JHrPTGEY1aducO+FvjAIFEtrlvStRJO9WugrOIv1bDKvkzp9ZzRQpX49UMel9jcKLwOhU26BVoMWSNT+tqXV+omGrIacw5ObQNanhH6Y20KLyDaF+ULrOpHU5RntaWyZkqegSUJ4OFuIoPDAvbputH59uEmgcqfPn/AyJ50/sJrrxH1UJ7alFmFpsDFWcQjfMP8lNJOu/IeBjbbGnlJkJ/KH8uEIMnDzs+dt1Nj9hC63759qjTbCi7HlM=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E8B3CBF0D4FE9C489094172C29EBB808@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fb3366c8-df7d-4292-817e-08d747471f36
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Oct 2019 14:45:08.6981 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rsvZhXfwQIy3FdEAViGjjPX/jdqQn5vt19g5ZSNNS7ix6I/uRN8jkMb4JJQd8lgRgsalauf3pxggGdAjyKbyzovtqv3wKteXyX8jKFS+H44=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3132
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ChGO7EgnaCzVPZa7Fm_nWF-szyY>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 14:45:15 -0000

Hi,

Sean Turner wrote:
> "You can change the text, but I do not believe it will change the implementations."

I would much rather have a future proof RFC that forbids negotiation of DTLS 1.0 with the knowledge that some implementations will temporary violate that, than having an RFC that long time in the future allows negotiation and use of DTLS 1.0.


Eric Rescorla wrote:
> "result of some pretty extensive discussion and compromising in rtcweb"

That does not surprise me, but I think that is part of the problem. These things should mainly be decided by the TLS working group. Draft-ietf-rtcweb-security-arch mandated DTLS 1.0 until Nov 2018. That is half a year after the "Deprecating TLSv1.0 and TLSv1.1" draft was submitted and almost 7 years after DTLS 1.0 was made obsolete.


No matter what is done in this particular case, I think the important thing to discuss is how we avoid drafts that only support obsolete versions of TLS/DTLS in the future. According to my understanding of the comments in the thread "Lessons learned from TLS 1.0 and TLS 1.1 deprecation", both me, Kathleen Moriarty, and Martin Thomson understands obsoleted as:

"New implementations and deployments MUST include support of the new version".

If this is not clearly defined somewhere, I think it needs to be specified. If it is specified somewhere, IETF needs to make sure to follow apply it.

Cheers,
John