Re: [TLS] RFC8446 backward compatibility question

Richard Barnes <rlb@ipv.sx> Thu, 05 August 2021 20:47 UTC


For example, the mint TLS 1.3 library only supports 1.3.

https://github.com/bifurcation/mint

On Thu, Aug 5, 2021 at 10:46 AM Nick Harper <ietf@nharper.org> wrote:

> Yes, backward compatibility is optional.
>
> On Thu, Aug 5, 2021 at 1:44 PM Toerless Eckert <tte@cs.fau.de> wrote:
>
>> I am trying to figure out if every implementation compliant with
>> RFC8446 is also necessarily interoperable with an RFC5246 peer, or if this
>> is just a likely common, but still completely optional implementation
>> choice.
>>
>> I could not find any explicit statement that backward compatibility
>> with RFC5246 is mandatory (but I was just doing browsing/keyword search
>> over RFC8446). Conditional text such as:
>>
>> "implementations which support both TLS 1.3 and earlier versions SHOULD"
>>
>> makes me think that TLS 1.2 backward compatibility is just optional.
>>
>> Thanks
>>     Toerless
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls