Re: [TLS] Fixing TLS

Peter Gutmann <> Thu, 14 January 2016 00:14 UTC

From: Peter Gutmann <>
To: "Salz, Rich" <>, Hubert Kario <>, "" <>
Thread-Topic: [TLS] Fixing TLS
Date: Thu, 14 Jan 2016 00:14:48 +0000
Subject: Re: [TLS] Fixing TLS

Salz, Rich <> writes:

>> TLS needs an LTS version that you can just push out and leave to its own
>> devices
>So don't you have that with TLS 1.1 and appropriate cipher and option

That's the approach suggested previously by Peter Bowen, assemble it yourself
from a huge list of extensions.  The problem there is that you're after a
fixed, known-good config drawn from the maybe 10 extension-RFCs you'd need to
cover (from Peter's post + a few extra to cover new things), I don't want to
go through all of those and count up the possible options but I'm pretty sure
I'd need to resort to special notation to express the magnitude of
combinations once you plug them into the nCk formula.

Based on the feedback I've had, I'm kinda tempted to do a TLS 1.2 LTS draft
that specifies just a single boolean flag, "use this known-good configuration
and not the 6.023e23 other ones and you should be good for the next decade or
so".  That can then be baked into long-term systems and devices and left alone
while people get on with other things.

(Speaking of feedback, still got a bucketload of private email to respond to,
 including stuff from people I didn't know were on the list any more, turns
 out there's a lot more reading than writing, I'm working through it...).