Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Rob Sayre <> Mon, 07 October 2019 17:29 UTC

From: Rob Sayre <>
Date: Tue, 8 Oct 2019 00:29:29 +0700
Message-ID: <>
To: Eric Rescorla <>
Cc: Cullen Jennings <>, "" <>, Sean Turner via Datatracker <>, IESG Secretary <>, "" <>, John Mattsson <>, Benjamin Kaduk <>

On Mon, Oct 7, 2019 at 1:25 AM Eric Rescorla <> wrote:

>>>> It seems strange to put DTLS 1.0 (based on TLS 1.1) into new documents.
>>> A few points.
>>> 1. It doesn't pull it in. There's no reference and there's just an
>>> informative statement.
>> Shouldn't there be an informative reference?
> To what?

Hi, I missed this response. This discussion seems a bit tedious, but

1) it doesn't seem like a particularly valid claim to say that the document
"doesn't pull" in DTLS 1.0 when the rationale for that claim is a missing
2) if "DTLS 1.0" remains in the document, I /think/ the document should
cite RFC 4347, and maybe the updates to it. But, perhaps there's a chain of
unstated dependencies in these documents, and I've only noticed the latest

This thread also has some other unusual claims:

On Tue, Oct 1, 2019 at 7:34 PM Stephen Farrell <> wrote:
> we can't "UPDATE" an I-D.

Not true. If you need to refer to something that's been IESG-approved but
still in the RFC queue, you can leave a note for the RFC editor to update
the reference to the eventual RFC number.

On Wed, Oct 2, 2019 at 8:17 PM Sean Turner <> wrote:
> You can change the text, but I do not believe it will change the

If true, changing the text would seem to be uncontroversial.

Anyway, leaving strange text like this DTLS 1.0 stuff in the webrtc
document is one thing (although I'm surprised the IESG allowed it).
Claiming that a document like draft-ietf-tls-oldversions-deprecate can't
update documents from a concluded WG is another.

If the IETF can't get consensus on actually deprecating DTLS 1.0, maybe
something similar to the text from draft-ietf-rtcweb-security-arch should
be added to draft-ietf-tls-oldversions-deprecate.

"Earlier specifications required DTLS 1.0. Endpoints which support only
DTLS 1.2 might encounter interoperability issues."

That would seem to subvert the point of the draft--I think this is the
point that the original post in this thread was making.