Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

John Mattsson <john.mattsson@ericsson.com> Sat, 05 October 2019 12:32 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9952C1201DE; Sat, 5 Oct 2019 05:32:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XJ67AD5DO6Kq; Sat, 5 Oct 2019 05:32:08 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130083.outbound.protection.outlook.com [40.107.13.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 671C712016E; Sat, 5 Oct 2019 05:32:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ChDCgxdOq2MEzizf8cgK9zKSA3dp0wG7p+dC+vJ/fQSuB6wi0stc7gOcyhMCFrMaLReCOvQh3+24rzqcxMVOpvropBw47kHeRsb4q8xEOVwuGFlABaDJHCuJ2/YwKUFCgaQ244WNwWDqU7rLk7Z3z+Ipj4qFTMuSBX+lB+3tU5xBLjcPIUoOe826I6Ac1cLEBwD7CjiIhbk89eZX2dZuFvbxBydM9Z4gIAoAjUGmpxFUsY6O2vtBo6b7MWte7J2ZAC7DcBciJSsmiHwnnnXEoqbyEVXFtWkT2syRGOqcxIwL5EyVqEnL7BJ/99cb66SotB49XsO73AjCJ4Iu5aUkZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VJ77zHms5YfDvim4lJ4yWnE6uYxFOKj6OHVVwVdOE30=; b=FRjKFwozZMZVDYT9pzkTqbbX4Y1gDhmZBZ8NnymGvMp9+s4qec43737It+F7Q15JJc8vlDmNTLy6UNq7IExkX3VEiRUuNeJqd87IFtPeE2o4ByyHE+RCw/KX+CFT/G4KnwSnmKR76EI4otjkqmEA5FjKdLZamoMJpAObzmflOIwCWJtPXZyRg8E3xaD1Jh0eUZSY3FK/Ig2eGseN2/M7oRsFFDnx8jgytzknIcfP/3l9qoXnm8GL+ABIC+U7eVzoT0jGgw4RS74BbVtQS+xM5Xn2ohoMvm2WqD69gwE6BDra1uJk88ZIQD5T660VdcEm6wF3uPUilejh9XgcNr063A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VJ77zHms5YfDvim4lJ4yWnE6uYxFOKj6OHVVwVdOE30=; b=UDElDmUPhSfFEx1z+SFNsRmwY1EMPmPhkvqP9TLO2p2hA4U4eTG79+REsG1ANodKQ1kY4djN2V1P5eCQB92bXcakryFupnbH/7KbGHliltHkxDrzWpFJvg3alszVYyu7Q/2QpQEqGq3sz/tt4KpvKJ5XzQmESzH8FKzmc0F9PUg=
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB3260.eurprd07.prod.outlook.com (10.170.247.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.7; Sat, 5 Oct 2019 12:32:05 +0000
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2327.021; Sat, 5 Oct 2019 12:32:05 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Sean Turner <sean@sn3rd.com>, Sean Turner via Datatracker <noreply@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, IESG Secretary <iesg-secretary@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
Thread-Index: AQHVLbNwka9w/WHllUqjsaoZBuXNvKdGI6+AgACqmwCAAR2pgIAAAOyAgAA5OQCAAg8aAIACgrcA
Date: Sat, 5 Oct 2019 12:32:04 +0000
Message-ID: <54213F5A-4778-4B27-8E19-FD581281B110@ericsson.com>
References: <156172485494.20653.307396745611384846.idtracker@ietfa.amsl.com> <989F828F-B427-47A6-A114-4EAEA67D43D7@ericsson.com> <CABcZeBOCzwLDEUyiqkDG0Qqaf652_+j1KBsJQJcJk2Lew_9wCw@mail.gmail.com> <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie> <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com> <20191004001142.GF6424@kduck.mit.edu>
In-Reply-To: <20191004001142.GF6424@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [82.214.46.143]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d8838af5-3483-44b8-14ef-08d7499007c1
x-ms-traffictypediagnostic: HE1PR07MB3260:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <HE1PR07MB326007AFD59FDC338703428089990@HE1PR07MB3260.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0181F4652A
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(39860400002)(366004)(396003)(136003)(13464003)(51444003)(199004)(189003)(4326008)(86362001)(186003)(26005)(66066001)(6506007)(2906002)(76176011)(53546011)(33656002)(5660300002)(2171002)(102836004)(8676002)(44832011)(6486002)(229853002)(25786009)(966005)(478600001)(81156014)(14454004)(81166006)(2616005)(6916009)(6246003)(99286004)(71190400001)(71200400001)(476003)(6512007)(6306002)(486006)(6116002)(446003)(3846002)(58126008)(11346002)(8936002)(6436002)(305945005)(54906003)(36756003)(91956017)(76116006)(66946007)(7736002)(64756008)(256004)(66446008)(66556008)(66476007)(14444005)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3260; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: fT+6QkkNLp07SC2A7VhKGDJxxqiE0XHDjUXvsmckGt4gMwmRwyRKeMbdqRdZ3zw/YTdVhRzyUzrrWsxQviatCc4R0uLXCjcU8Ti5V5AzGwPKcJX5cSoL58/EGTQtlZZAfXrmLUVhmUWkuxyjoifjNotbKIkwidpJAj0ZNZLzCCuUA0egpyn6Ltp+z0Jj0YzNjKm0w8u3FyhswdVeP4lwiW8wiZT7ExQVmQizwKnkX7Kzg67T+51agoP7YEc7AGVsjlCio+UUdpV1IlXJKL8d/VWFEgKqp+Z3AP3smaS5gMnvSgr0SE/GEsqbCVXZYQmBATFZWgLGQih8UPB4HvEBBCldIGZMzRHNrIeZ/oIC5t/i5xDnlqqqDAMUSgxhJesZqTn2TIvmBJRwepd8CmA/LZJqZ0V34Ui4Hm+xB7pkrXyKJZjEInLayMQeY/OrIhDyLyWpBHByZ1OsrSwizaOLfw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <D2508259D223534FBF81728068FC57BE@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d8838af5-3483-44b8-14ef-08d7499007c1
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2019 12:32:04.9227 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eAeAsB0XAnlBe5Dq3Czs3HVkicdlAOEdWZNcYM/zBxX/fYSoKxwexYO+7UETRo4yxdhacYW1SslCRwOVSprTMGulh5UipWRvZIlEoOUGKqc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3260
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KSs4rlFMuJ6G8SlVVSfJ68oVEkc>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Oct 2019 12:32:12 -0000

Benjamin Kaduk <kaduk@mit.edu> wrote:

>> That does not surprise me, but I think that is part of the problem. These
>> things should mainly be decided by the TLS working group.
>
>How?  Just by publishing BCPs, or is the TLS WG also supposed to (e.g.)
>watch IETF LCs and complain about use of old protocol versions?

Just by publishing BCPs and standard track documents. Watching out for old protocol versions in other WG’s is not really the TLS WG’s job. Hopefully, everybody in the security area complain if they see use of obsolete versions or weak algorithms.

>> "New implementations and deployments MUST include support of the new version".
>>
>> If this is not clearly defined somewhere, I think it needs to be specified. If it is >specified somewhere, IETF needs to make sure to follow apply it.
>
>Even supposing everyone agrees on this, there seem to be some fencepost
>issues surrounding "new".  Is a protocol "new" when it gets published as an
>RFC, or at WGLC, or even earlier?  I have been pretty laid-back until now
>about requiring things coming in front of the IESG to pick up TLS 1.3,
>since for the most part they were in progress (including implementations)
>before TLS 1.3 implementations were readily available in production-grade
>form.  It's about time to tighten up on that, since it's been over a year
>since RFC 8446, but I'm not sure I fully understand where you want us to
>fall across these boundary conditions.

I fully agree. There are several boundary conditions here and any best practice can probably not be summarized on a single line. Tightening up requirement of new drafts to support TLS 1.3 now seems about right. There could probably still be exceptions, but they would have to be well motivated. 

/John

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu>
Date: Friday, 4 October 2019 at 02:11
To: John Mattsson <john.mattsson@ericsson.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>ie>, Sean Turner <sean@sn3rd.com>om>, Sean Turner via Datatracker <noreply@ietf.org>rg>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>rg>, IESG Secretary <iesg-secretary@ietf.org>rg>, "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

    On Wed, Oct 02, 2019 at 02:45:08PM +0000, John Mattsson wrote:
    > Hi,
    > 
    > Sean Turner wrote:
    > > "You can change the text, but I do not believe it will change the implementations."
    > 
    > I would much rather have a future proof RFC that forbids negotiation of DTLS 1.0 with the knowledge that some implementations will temporary violate that, than having an RFC that long time in the future allows negotiation and use of DTLS 1.0.
    > 
    > 
    > Eric Rescorla wrote:
    > > "result of some pretty extensive discussion and compromising in rtcweb"
    > 
    > That does not surprise me, but I think that is part of the problem. These
    > things should mainly be decided by the TLS working group.
    
    How?  Just by publishing BCPs, or is the TLS WG also supposed to (e.g.)
    watch IETF LCs and complain about use of old protocol versions?
    
    > Draft-ietf-rtcweb-security-arch mandated DTLS 1.0 until Nov 2018. That is
    > half a year after the "Deprecating TLSv1.0 and TLSv1.1" draft was
    > submitted and almost 7 years after DTLS 1.0 was made obsolete.
    
    Mandating (D)TLS 1.0 is not going to get past the IESG in 2018.  We can
    (and are) try to better communicate our expectations for this sort of thing
    to the WGs, but it seems unrealistic to expect a 100% success rate from
    them, since it's usually not the WG's core competency.  (See also
    https://protect2.fireeye.com/url?k=81062a4c-dd8ff05c-81066ad7-0cc47ad93e2a-1e749b7aef6efcb8&q=1&u=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fwgchairs%2Fdfe_5obSQm7YK7JzVbmc-MbXNmU .)
    
    > 
    > No matter what is done in this particular case, I think the important thing to discuss is how we avoid drafts that only support obsolete versions of TLS/DTLS in the future. According to my understanding of the comments in the thread "Lessons learned from TLS 1.0 and TLS 1.1 deprecation", both me, Kathleen Moriarty, and Martin Thomson understands obsoleted as:
    > 
    > "New implementations and deployments MUST include support of the new version".
    > 
    > If this is not clearly defined somewhere, I think it needs to be specified. If it is specified somewhere, IETF needs to make sure to follow apply it.
    
    Even supposing everyone agrees on this, there seem to be some fencepost
    issues surrounding "new".  Is a protocol "new" when it gets published as an
    RFC, or at WGLC, or even earlier?  I have been pretty laid-back until now
    about requiring things coming in front of the IESG to pick up TLS 1.3,
    since for the most part they were in progress (including implementations)
    before TLS 1.3 implementations were readily available in production-grade
    form.  It's about time to tighten up on that, since it's been over a year
    since RFC 8446, but I'm not sure I fully understand where you want us to
    fall across these boundary conditions.
    
    -Ben