Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

"BRUNGARD, DEBORAH A" <db3546@att.com> Fri, 04 December 2020 14:20 UTC

From: "BRUNGARD, DEBORAH A" <db3546@att.com>
To: Rob Sayre <sayrer@gmail.com>, "Ackermann, Michael" <MAckermann@bcbsm.com>
CC: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "STARK, BARBARA H" <bs7652@att.com>, Watson Ladd <watsonbladd@gmail.com>, "draft-ietf-tls-oldversions-deprecate@ietf.org" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 4 Dec 2020 14:19:39 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HZS0IEppA0q_lH0Aoo27zk4DAiQ>

As Stephen said, couldn’t resist, first cup of coffee-

That’s always the question of the day- what is an operator, vendor, researcher?

I know “academia” on this list that have more operational experience than some in operator communities. We know in big companies there are so many people - but not necessarily interested in IETF. And people switch - few are “lifetime” at a company. To me, no hats, just want more input.

My point (I think Mike also) is simply to get more involved, earlier if possible in our rinse cycle to RFC.

Deborah

________________________________
From: Rob Sayre <sayrer@gmail.com>
Sent: Friday, December 4, 2020 12:33 AM
To: Ackermann, Michael
Cc: BRUNGARD, DEBORAH A; Eliot Lear; Peter Gutmann; STARK, BARBARA H; Watson Ladd; draft-ietf-tls-oldversions-deprecate@ietf.org; last-call@ietf.org; tls-chairs@ietf.org; tls@ietf.org
Subject: Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Hi,

What is the definition of “enterprise”?

Thanks,
Rob

On Thu, Dec 3, 2020 at 7:48 PM Ackermann, Michael <MAckermann@bcbsm.com> wrote:

Deborah

Thanks so much for your informative and positive message.

I have not followed the OPs area too much, but will make an effort to do so now. Any specific drafts you might suggest, I will review. In particular, I am interested in what specific IPv6 document from the OPs area you refer to?

I took a look at the ISOC IPv6 doc you listed. Interesting but it appears to be quite old. Do you feel it is still relevant? Enterprises need a lot of info on IPv6 and I want to point them in the most effective directions.

By increasing visibility, do you mean ways to get Enterprises more involved or aware of IETF? I can sadly say none that have yet been effective, but I do intend to keep trying. Perhaps you have ideas?

And finally, I checked out your Pragmatic Link. Still laughing, even though it unfortunately seems to have very little relevance to my world 😊

Once again I really appreciate your constructive comments and information.

Mike

-----Original Message-----
From: BRUNGARD, DEBORAH A <db3546@att.com>
Sent: Thursday, December 3, 2020 5:10 PM
To: STARK, BARBARA H <bs7652@att.com>; 'Watson Ladd' <watsonbladd@gmail.com>; Ackermann, Michael <MAckermann@bcbsm.com>
Cc: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>; 'Eliot Lear' <lear=40cisco.com@dmarc.ietf.org>; 'last-call@ietf.org' <last-call@ietf.org>; 'tls-chairs@ietf.org' <tls-chairs@ietf.org>; 'draft-ietf-tls-oldversions-deprecate@ietf.org' <draft-ietf-tls-oldversions-deprecate@ietf.org>; 'tls@ietf.org' <tls@ietf.org>
Subject: RE: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

As Barbara builds her confidence for the IETF list and while we have Mike's attention-

Mike, you commented "More, it is a lack of understanding of how things work within Enterprise Networks and the lack of Enterprise engagement in Standards Development processes. And finally, this may not be a gap that the IETF should care about or address, but someone should, IMHO."

I wanted to +1 on to Barbara's message - many of us will say - "we do care". As IETF is "huge" (for many operators/users that is the biggest bottleneck on participating), not sure if you follow the ops area (I'm a routing AD, but ops always has my attention😊), they have several documents on enterprises. Currently a document on the impact of TLS1.3 on operational network security practices. They also have an IPv6 one. I think in all the Areas (I know best the routing area), we encourage operators and users to participate. If you have suggestions - we are interested.

How to increase visibility? Do you have suggestions? Liaisons? ISOC? When RFC7381 (Enterprise IPv6) was done, it was an ISOC blog:

https://www.internetsociety.org/blog/2014/10/new-rfc-7381-enterprise-ipv6-deployment-guidelines/

Possibly this draft should be a blog? Suggestions?

Thanks again for the interesting thread- Deborah for some humor - I'm still stumbling on the draft's requirement "Pragmatically, clients MUST NOT send". I'm not sure operationally how to ensure pragmatic client behavior - maybe a "pragmatic client" profile😊 I'll save that question for my ballot comment. And of course a google of pragmatic is very entertaining:

https://www.google.com/search?q=pragmatic&tbm=isch&source=iu&ictx=1&fir=UnkLahjDGGZYtM%252C2VmBAP_98FtW_M%252C%252Fm%252F0c6h9&vet=1&usg=AI4_-kQHPVOk9B-3gfzcXUP1bBCiuOQ5TQ&sa=X&ved=2ahUKEwjxqN-W1rLtAhXKhK0KHWuFBGYQ_B16BAgrEAE#imgrc=WzKrFQWEFvjiWM

-----Original Message-----
From: last-call <last-call-bounces@ietf.org> On Behalf Of STARK, BARBARA H
Sent: Thursday, December 3, 2020 12:03 PM
To: 'Watson Ladd' <watsonbladd@gmail.com>; 'Ackermann, Michael' <MAckermann@bcbsm.com>
Cc: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>; 'Eliot Lear' <lear=40cisco.com@dmarc.ietf.org>; 'last-call@ietf.org' <last-call@ietf.org>; 'tls-chairs@ietf.org' <tls-chairs@ietf.org>; 'draft-ietf-tls-oldversions-deprecate@ietf.org' <draft-ietf-tls-oldversions-deprecate@ietf.org>; 'tls@ietf.org' <tls@ietf.org>
Subject: Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Ow! Mike is my friend. Don't go dissing my friend!

I think the problem in communication we've just experienced is because Mike strayed away from Last Call discussion on a specific document, to asking/discussing a more general question of how IETF can better communicate with enterprises and perhaps even engage with enterprises to make it easier to operationalize protocols inside enterprise networks. I didn't see Mike suggesting any changes to the draft in Last Call, relevant to this question. ?

I'd like to suggest that maybe we could discuss this a little more on the ietf list? But not here.

I'll see what happens if I start a thread over there (ietf@ietf.org) ...

Barbara

[Let me drum up my courage first. Thinking about posting to that list is much more stressful to me than, for example, thinking about bungee jumping off the Macau Tower -- an experience I highly recommend.]

> > Barbara,
> > Thanks.
> > And I think I was aware of all you state below regarding TLS, and
> > apologize for any related confusion regarding IPv6, even though, for the
> > purposes of my comment, they are similar.
> >
> > I don't disagree with anything you say on the TLS subject, which is
> > essentially that prior versions of TLS may be considered insecure,
> > etc. and should be deprecated.....
>
> Shouldn't we publish a document saying that? It seems this would
> represent consensus, even your view of the issue.
>
> > My associated point is that Enterprises are generally not aware of
> > this and that it is not currently on our Planning or Budget Radars.
>
> TLS 1.2 has been around for how many years? All versions of OpenSSL
> without support have been EOL for some time. How many other CVE remain
> to be found in them? FIPS, PCI etc are all very clear that old TLS is
> going away. Browsers have supported TLS 1.2 for years. So has Windows.
> This depreciation should be easy given the extent of support for TLS
> 1.2.
>
> I bet that most services you run are already using TLS 1.2 or even 1.3
> because the client and server have been updated.
>
> > Further, this means we are potentially years from effectively and
> > operationally addressing such issues.
>
> Let's be about it.
>
> > And we must do so in conjunction with Partners, Clouds, Clients
> > and others.
> > And my general, overall point is that the answer to addressing the
> > above is to find way(s) of making Enterprises aware and possibly
> > assisting with methods of addressing. I think I also said this
> > problem is not unique to TLS or IPv6. More, it is a lack of
> > understanding of how things work within Enterprise Networks and the
> > lack of Enterprise engagement in Standards Development processes.
> > And finally, this may not be a gap that the IETF should care about
> > or address, but someone should, IMHO.
>
> Your argument against the current text seems to be the following: we
> have a problem. It is inconvenient for me that you will ask me to deal
> with the problem. Therefore I would like the problem to not be
> acknowledged.
>
> Perhaps I am being too uncharitable. But I fail to see how softening
> the language eases depreciation, or what the consequence you fear
> happening are. You're free to continue ignoring the RFC series. But
> reality does not go away if it is ignored.
>
> Sincerely,
> Watson Ladd
>
> >
> > Thanks
> >
> > Mike

--
last-call mailing list
last-call@ietf.org
https://www.ietf.org/mailman/listinfo/last-call

