Re: [TLS] Products supporting TLS 1.0 & some other high-level questions
Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 06 October 2014 05:28 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C9C91A1B33 for <tls@ietfa.amsl.com>; Sun, 5 Oct 2014 22:28:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.472
X-Spam-Level:
X-Spam-Status: No, score=-3.472 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.786, URIBL_RHS_DOB=1.514] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q_TvMe5SwHJV for <tls@ietfa.amsl.com>; Sun, 5 Oct 2014 22:28:23 -0700 (PDT)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93C1E1A1AFE for <tls@ietf.org>; Sun, 5 Oct 2014 22:28:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1412573303; x=1444109303; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=fSM7ZOAreuajCapoW0S0w/2aRjX5EWJ1dBFVgQjHkfE=; b=manSLZIuzW0srtin0GCnCBRWLAzEPY5RWM17yMrynUD8UPvU28xm+VC1 n2TbsLptC6suAdOkjf2cEQd9GhAlTTTfplEqb4aq+D1laNEg2kA8rQG6v bDgfhaC3ypn5hMtQdE10jCpso8f0oowcFYZaXI2wkBiI2r1TvjaFg+h2W U=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="280689009"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 06 Oct 2014 18:28:19 +1300
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.70]) by uxchange10-fe2.UoA.auckland.ac.nz ([169.254.27.86]) with mapi id 14.03.0174.001; Mon, 6 Oct 2014 18:28:19 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Products supporting TLS 1.0 & some other high-level questions
Thread-Index: Ac/hJlWqA3GJ5xtDTm6FwYAtMmIi/w==
Date: Mon, 06 Oct 2014 05:28:17 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9C228B@uxcn10-tdc05.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/QTA8c0hioQwNCpqlye5pqOigXZ0
Subject: Re: [TLS] Products supporting TLS 1.0 & some other high-level questions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 05:28:26 -0000
Eric Rescorla <ekr@rtfm.com> writes: >On Sun, Oct 5, 2014 at 7:22 PM, Watson Ladd <watsonbladd@gmail.com> wrote: >> Is the prefered path >> -Adoption of TLS 1.3 >> -Adoption of TLS 1.2+session_hash fix >> -Indefinite support for TLS 1.0 plus multiple, not widely deployed fixes. > >As a practical matter, we're likely to get at least the first two and >probably all three. You forgot one important word: eventually. TLS 1.1 + add-ons we've got now. TLS 1.2 + session hash fix is still a work in progress after six years (eight if you take it back to the draft versions, which were mostly implementable even then). TLS 1.3, which should really be called TLS 2.0 because there are so many fundamental changes, could take a decade or more (based on the 1.2 timeline) to see widespread deployment. I'm sure Google will rush it out in Chrome and bundle it with HTTP 2.0 (at least they're calling that 2.0 rather than pretending it's still a 1.x version) because it's of benefit to them, but for non-browser use you're going to see a long tail worthy of the Midgard Serpent. So I think you'll end up with a split, "TLS for browsers" (1.3 a.k.a. 2.0) and "TLS for everyone else" (1.1 or maybe 1.2). Peter.
- [TLS] Products supporting TLS 1.0 & some other hi… Watson Ladd
- Re: [TLS] Products supporting TLS 1.0 & some othe… Eric Rescorla
- Re: [TLS] Products supporting TLS 1.0 & some othe… Salz, Rich
- Re: [TLS] Products supporting TLS 1.0 & some othe… Peter Gutmann
- Re: [TLS] Products supporting TLS 1.0 & some othe… Carl S. Gutekunst