Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Yoav Nir <ynir.ietf@gmail.com> Thu, 21 May 2015 17:47 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C89A1A0199 for <tls@ietfa.amsl.com>; Thu, 21 May 2015 10:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0JhPNvqDonkX for <tls@ietfa.amsl.com>; Thu, 21 May 2015 10:47:35 -0700 (PDT)
Received: from mail-wi0-x243.google.com (mail-wi0-x243.google.com [IPv6:2a00:1450:400c:c05::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 101131A0194 for <tls@ietf.org>; Thu, 21 May 2015 10:47:35 -0700 (PDT)
Received: by wivz2 with SMTP id z2so2386457wiv.0 for <tls@ietf.org>; Thu, 21 May 2015 10:47:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EybbphnqA09pUGM0fzgsqUWNeYaFSrHcOgAjqKpr+9M=; b=XBAWqoDizJMoyWOhaMjNAFPnF9/gw7fbQrhnHXBTaleIoFGb7Lv3mhW6jOAgEse0+M skXzqereGqo6e9n71h3gbzWIgoWSXeT9m9uGHwtI2kukfu2Y6wgkL1vPnB51jUIc3GJS YF6/K+snaWm+PgfokdnJwDCQe/QdwEyyqYGNAgsXRHFVLqHkm+m+IfXyXxIVuFwy32v2 rjTXOvPgIUQao+9uuMIDcexAvgMOx879rp3nGJondhFOg1Dzud3+ph/QfADw4X/owZFI g+uuTa14+IA/v+54+5afWSzWitNHPb8MrrUJbxI7XNxQtKrMh+GgHfFJWfI1Yr6tVBpw jYig==
X-Received: by 10.180.77.195 with SMTP id u3mr8587419wiw.30.1432230453801; Thu, 21 May 2015 10:47:33 -0700 (PDT)
Received: from [192.168.1.17] ([46.120.13.132]) by mx.google.com with ESMTPSA id um5sm33162857wjc.1.2015.05.21.10.47.32 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 21 May 2015 10:47:32 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <201505211210.43060.davemgarrett@gmail.com>
Date: Thu, 21 May 2015 20:47:30 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <38D583BF-DFD0-4EFF-83D7-33FB3E2507D7@gmail.com>
References: <201505211210.43060.davemgarrett@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/K9ljAAiedKEa2hlhsNBKpzaI_DQ>
Cc: tls@ietf.org
Subject: Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 17:47:36 -0000

> On May 21, 2015, at 7:10 PM, Dave Garrett <davemgarrett@gmail.com>; wrote:
> 
> I was going to hold off on suggesting this due to other topics dominating the list, but we might be in a kill-the-old-junk mood due to the latest old-junk vulnerability, so...
> 
> Old versions of TLS need to be phased out at some point (even the one we're designing now), however the current modus operandi is generally to wait until a catastrophic breakage forces everyone into a panic disable. I'd like to at least try to do better prior to the next time. I'd like to propose giving servers & clients different expectations as a transitional measure:
> 
> 1) No general change to current TLS other than pointing to the UTA BCP from time to time.
> https://tools.ietf.org/html/rfc7525
> 
> 2) For TLS 1.3, add a blurb to the effect of:
> "Server TLS implementations supporting TLS 1.3 or later MUST NOT negotiate TLS 1.0 or TLS 1.1 for any reason.

Is this needed for interoperability, or is this just a good idea that you want to slap a MUST on?

It’s the latter. It belongs in a BCP, not in the protocol document, and that is where it already is. It’s not the IETF’s job to make deployment decisions like that.

Yoav