Re: [TLS] Un-deprecating everything TLS 1.2

Christopher Patton <cpatton@cloudflare.com> Mon, 05 October 2020 14:21 UTC

Return-Path: <cpatton@cloudflare.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 495BA3A0B23 for <tls@ietfa.amsl.com>; Mon, 5 Oct 2020 07:21:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.298
X-Spam-Level:
X-Spam-Status: No, score=-3.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rru836cqOdZG for <tls@ietfa.amsl.com>; Mon, 5 Oct 2020 07:21:41 -0700 (PDT)
Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com [IPv6:2607:f8b0:4864:20::734]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A5F53A0B15 for <tls@ietf.org>; Mon, 5 Oct 2020 07:21:41 -0700 (PDT)
Received: by mail-qk1-x734.google.com with SMTP id b69so5436482qkg.8 for <tls@ietf.org>; Mon, 05 Oct 2020 07:21:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hd2FwkOHoXq4ALxxrI044PWIG269S6k6fUgBE/87BGY=; b=jVD1zK2QBL6uwcvaCPaCk9H2gPo7d185XQ/ghiFJob7ZEDgqh6LF1hzze4LqydLIXR J/FB2d0yE3Kj6T5JUqHEcEy7WRdl1wfalBz9LPcSBRXKOQ0JME4lexxXNmclo4uhXomY hB8hK1pTraEEMTXYdklsK+YPuDThfwBuXKvvE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hd2FwkOHoXq4ALxxrI044PWIG269S6k6fUgBE/87BGY=; b=OBBPCUXB96zHfiJu6TNlsdlwDHvtv5D2l+xWfJUv/fuCDHZ4gFdoVjXV7NQhrWpQ5S 2vh01RCkCGNLFpkRcGuPWdw7Z4rJtJMIGfGzC2hgy1GA+yRSBkHlHqRzf1FMp2N6G4fm SM6BJXu3PXYUWE33i/h4hJUWn0j3LN8dVfWefr76J3O+43Ps0D/4ywXokv3zgyK1SmAT Vw6EDoBxmX7UrQZ4/5kvF8i1jAc/NZWq/Kqt/671Ce2TMyLLWTh370olnwCq3TCJ8Dog 795snLNP7Wcj4zNGZV7tbwam0UIdIqCw+/0td3dwNKWptf8nRhHFb2WZNwHTQ/Mk5nqO Xoog==
X-Gm-Message-State: AOAM533MefzYxYTJgdgE6NOXFDN0BxuZA2cFVT015YSb+924YEnl/NZS Noov9GkW9MP6JKqpdYMrJFh3NrrNZW44mab7vGD+cg==
X-Google-Smtp-Source: ABdhPJyPqDKLpIulr00VbAad6/bv5utJqMND7sZbH2Pficim3FjwPg6P78fZnjSFc1hODUsVcL9HpZWoZZxM7O8CDeQ=
X-Received: by 2002:a37:9c4f:: with SMTP id f76mr204034qke.250.1601907699083; Mon, 05 Oct 2020 07:21:39 -0700 (PDT)
MIME-Version: 1.0
References: <eb32ba5a-8ea7-efb7-584d-0d0521d16f59@pobox.com> <0E05019B-32FF-4A0C-9AB5-E25544CA952D@akamai.com>
In-Reply-To: <0E05019B-32FF-4A0C-9AB5-E25544CA952D@akamai.com>
From: Christopher Patton <cpatton@cloudflare.com>
Date: Mon, 05 Oct 2020 07:21:28 -0700
Message-ID: <CAG2Zi21fDe-i4VauFv1KZWsBoSyCwtsx4APPAw9ceMnL6ZWSnQ@mail.gmail.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: Michael D'Errico <mike-list@pobox.com>, TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005e213205b0ed331e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Qf3xKH7usZN2O6Uyc3F6knqmzEE>
Subject: Re: [TLS] Un-deprecating everything TLS 1.2
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2020 14:21:43 -0000

A couple pointers for getting started:

   1. Check out Dowling et al.'s recent analysis. Published a month or so
   ago, it's the most recent proof of security of the full handshake (also
   includes PSK modes): https://eprint.iacr.org/2020/1044
   2. Check out Paterson and van der Merwe's survey of the body of papers
   that helped to shape TLS 1.3. It also overviews the myriad attacks against
   TLS 1.2 and below that catalyzed a more proactive design approach for 1.3:
   https://link.springer.com/chapter/10.1007/978-3-319-49100-4_7

If you're unable to download the second (2.), the same paper appears in a
slightly different form in van der Merwe's PhD thesis.

No analysis is perfect, but so far, 1.3 appears to be far superior to
1.0-1.2.

Best,
Chris P.