Re: [TLS] Deprecating SSLv3
Martin Thomson <martin.thomson@gmail.com> Sat, 22 November 2014 00:29 UTC
Date: Fri, 21 Nov 2014 14:29:28 -1000
Message-ID: <CABkgnnUsOh=4FFiahH4__SGj8ke39g2x0DJBTRruuNFgNHqY5Q@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Alfredo Pironti <alfredo@pironti.eu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/OHc7246jIEY4b-7RgdJFnR8Djgk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Deprecating SSLv3
On 21 November 2014 12:35, Alfredo Pironti <alfredo@pironti.eu> wrote:
> My understanding is that MUST NOT is the way legacy protocols usage is
> prohibited, see for example SSLv2 deprecation [2], which uses a very similar
> terminology. Of course closed systems will be free to ignore this document
> and still negotiate SSLv3 (or v2, for that matter). But yes, I'd claim the
> whole purpose of this draft is to outlaw (and encourage to update to TLS,
> not to retrofit to plaintext) open systems that connect to the Internet.

Yes, I would be sad if we couldn't say anything more definitive about
the use of TLS on the big 'I' Internet.

People are of course welcome to use rot13 to protect their proprietary
communications, noting that they won't remain proprietary long if they
do. The same applies here.

I merged Alfredo's text, and though I've proposed some minor
grammatical changes, you can see the results live here:
https://unicorn-wg.github.io/sslv3-diediedie/
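Added example, not code from this thread or from the draft it discusses: a record-level check that shows what "MUST NOT negotiate SSLv3" means for a server, flagging a ClientHello whose offered version is 3.0 so it can be refused with a protocol_version alert. The ClientHello bytes and the helper names are constructed for this example.

```python
"""Decide, from the first record of a handshake, whether a peer is trying to
negotiate SSLv3 (version 3.0) and must therefore be refused.  Wire layout per
RFC 5246 sections 6.2.1 and 7.4.1.2; sample records are constructed below."""
import struct

# Protocol versions as carried on the wire: (major, minor).
SSLV3 = (3, 0)
TLS10 = (3, 1)

def parse_client_hello_version(record: bytes):
    """Return (record_version, client_version) from a ClientHello record,
    raising ValueError if the bytes are not a handshake/ClientHello."""
    if len(record) < 11:
        raise ValueError("record too short")
    content_type, rec_major, rec_minor, length = struct.unpack("!BBBH", record[:5])
    if content_type != 22:  # ContentType 22 = handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if len(body) < 6 or body[0] != 1:  # HandshakeType 1 = client_hello
        raise ValueError("not a ClientHello")
    # body[1:4] is the 24-bit handshake length; body[4:6] is client_version
    return (rec_major, rec_minor), (body[4], body[5])

def must_refuse(record: bytes) -> bool:
    """True when the highest version the client offers is SSLv3 or older,
    i.e. the negotiation the deprecation draft says MUST NOT happen.
    The record-layer version is ignored on purpose: clients routinely put
    an older version there for compatibility with old servers."""
    _, client_version = parse_client_hello_version(record)
    return client_version <= SSLV3

def _hello(major: int, minor: int) -> bytes:
    """Build a minimal constructed ClientHello record offering one version:
    version, 32-byte random, empty session id, one cipher suite, null
    compression."""
    hs_body = (bytes([major, minor]) + b"\x00" * 32 + b"\x00"
               + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(hs_body).to_bytes(3, "big") + hs_body
    return (b"\x16" + bytes([major, minor])
            + len(handshake).to_bytes(2, "big") + handshake)

SSLV3_HELLO = _hello(3, 0)   # constructed: a client still offering SSLv3
TLS12_HELLO = _hello(3, 3)   # constructed: a TLS 1.2 client

if __name__ == "__main__":
    for name, rec in (("sslv3", SSLV3_HELLO), ("tls1.2", TLS12_HELLO)):
        print(name, "refuse" if must_refuse(rec) else "accept")
```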