IETF Logo Mail Archive

Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

Simon Bernard <contact@simonbernard.eu> Fri, 27 September 2019 15:56 UTC

Return-Path: <contact@simonbernard.eu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB57C12094E for <tls@ietfa.amsl.com>; Fri, 27 Sep 2019 08:56:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QynzTRBLccka for <tls@ietfa.amsl.com>; Fri, 27 Sep 2019 08:56:55 -0700 (PDT)
Received: from 8.mo68.mail-out.ovh.net (8.mo68.mail-out.ovh.net [46.105.74.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9814B1208AB for <TLS@ietf.org>; Fri, 27 Sep 2019 08:56:55 -0700 (PDT)
Received: from player746.ha.ovh.net (unknown [10.108.57.139]) by mo68.mail-out.ovh.net (Postfix) with ESMTP id 98A4414509D for <TLS@ietf.org>; Fri, 27 Sep 2019 17:56:53 +0200 (CEST)
Received: from simonbernard.eu (134.163-14-84.ripe.coltfrance.com [84.14.163.134]) (Authenticated sender: contact@simonbernard.eu) by player746.ha.ovh.net (Postfix) with ESMTPSA id C95B5A69C6C5; Fri, 27 Sep 2019 15:56:49 +0000 (UTC)
To: Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: "TLS@ietf.org" <TLS@ietf.org>, "saag@ietf.org" <saag@ietf.org>
References: <03B5BDAC-5B17-47B2-85D0-225DCCABDC42@ericsson.com> <CADZyTkk-6CST3ExXsNb=35+t+SH9igaNuN9ToehES5sqTxAUsQ@mail.gmail.com>
From: Simon Bernard <contact@simonbernard.eu>
Message-ID: <c899e8ab-5c4e-dc2b-8751-965658532150@simonbernard.eu>
Date: Fri, 27 Sep 2019 17:56:47 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <CADZyTkk-6CST3ExXsNb=35+t+SH9igaNuN9ToehES5sqTxAUsQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------BFCCFBF68655DCF6985B967F"
Content-Language: en-US
X-Ovh-Tracer-Id: 3550243884170557530
X-VR-SPAMSTATE: OK
X-VR-SPAMSCORE: 0
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedufedrfeeigdelfecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PsbrHq82fjiI5Py4KYKu9ZuM7Vc>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 15:57:00 -0000

Hi,

   My 2 cents, I think a kind of overview page with status about 
protocols, ciphers an others would helps a lot. Something near of what 
is done in https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher
   This would be the page to know to be updated about security 
deprecation and planned obsolescence.
   If API was available to query this data, it could maybe be used by 
tools like : https://www.ssllabs.com/index.html

Regards,
Simon

Le 26/09/2019 à 15:50, Daniel Migault a écrit :
> Thanks for raising this discussion John, we have been struggling with 
> this in curdle as well and ipsecme. This is also a topic that I 
> believe would be useful to improve the security.
>
> One aspect is that some implementers go to the IANA pages and believe 
> that everything on the pages is acceptable. I believe that it would be 
> worth adding some status associated to the code points. Currently, in 
> most cases a reference is associated to the code point. In some cases, 
> the reference is the RFC or document creating that created the code 
> point in other cases, the reference could be the RFC that deprecates 
> the code point. There is no specific rules, and that is probably 
> something that would worth being clarified. That being clarified, I 
> still believe that it could be useful to have a some sort of 
> indication like a column that indicates whether the code point is 
> deprecated or not. This may involve additional terminology depending 
> on the level of information needed.
>
> Another aspect would be to have software automatically checking which 
> are the code points status. This would of course only solve one side 
> of the problem as a device may end up on becoming silent, but that is 
> probably what should occur to non maintained devices.
>
> Yours,
> Daniel
>
>
> On Thu, Sep 26, 2019 at 8:18 AM John Mattsson 
> <john.mattsson=40ericsson.com@dmarc.ietf.org 
> <mailto:40ericsson.com@dmarc.ietf.org>> wrote:
>
>     Hi,
>
>     Hopefully, we have learned some lessons from the TLS 1.0 and TLS
>     1.1 deprecation. TLS 1.0 and TLS 1.1 are (to cite Martin Thomson)
>     broken in a myriad subtle ways and should according to me
>     optimally have been deprecated years ago.
>
>     3GPP mandated support of TLS 1.2 in Rel-13 (2015) but could at
>     that time not forbid use of TLS 1.1 as that would potentially
>     break interoperability with some Rel-12 nodes (that had TLS 1.2 as
>     should support). The lesson 3GPP learned from this was the need to
>     as early as possible mandate support of new protocol versions.
>     With TLS 1.3, 3GPP took action early and TLS 1.3 support was
>     mandated for network nodes in Rel-15 (2018) and for mobile phones
>     in Rel-16 (2019).
>
>     At some point in time we will want to deprecate TLS 1.2. To enable
>     that, TLS 1.3 support should be mandated or encouraged as much as
>     possible. I would like to avoid a situation where we want to
>     deprecate TLS 1.2 but realize that it cannot be done because some
>     implementations only support TLS 1.2. How can IETF enable smoother
>     and faster deprecations in the future? The browser industry has a
>     decent track record of algorithm deprecation and I hope to soon
>     see the following warning in my browser:
>
>     “TLS 1.2 is obsolete. Enable TLS 1.3 or later.”
>
>     Other industries have less stellar track records of algorithm
>     deprecation.
>
>     How can IETF be more pro-active regarding deprecations in the
>     future? In the best of words, nobody should be surprised when IETF
>     deprecates a protocol version or algorithm. NIST and similar
>     organizations in other countries have the practice to long time in
>     advance publish deadlines for security levels, algorithms, and
>     protocol versions. Can the IETF do something similar, not just for
>     TLS but in general? For TLS, there are several things to
>     deprecate, in addition to MD5 and SHA-1, also PKCS1-v1_5,
>     RSA-2048, 224-bit ECC, ffdhe2048, and non-recommended cipher
>     suites (Static RSA, CBC, DH, NULL, etc.) should be deprecated in
>     the future.
>
>     Cheers,
>     John
>
>     _______________________________________________
>     TLS mailing list
>     TLS@ietf.org <mailto:TLS@ietf.org>
>     https://www.ietf.org/mailman/listinfo/tls
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email