Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt

Christopher Wood <christopherwood07@gmail.com> Sat, 14 July 2018 02:04 UTC

From: Christopher Wood <christopherwood07@gmail.com>
Date: Fri, 13 Jul 2018 19:04:43 -0700
To: David Benjamin <davidben@chromium.org>
Cc: Eric Rescorla <ekr@rtfm.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T1RTp6RW6ZUuAHMYq5C5yXq9aSo>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

(Chair hat off.)

On Wed, Jul 11, 2018 at 10:37 AM, David Benjamin <davidben@chromium.org> wrote:
> On Mon, Jul 9, 2018 at 12:58 PM Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> On Mon, Jul 9, 2018 at 9:54 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>> Thanks for writing this.
>>>
>>> I would be in favor of deprecating old versions of TLS prior to 1.2.
>>> Firefox Telemetry shows that about 1% of our connections are TLS 1.1
>>
>>
>> This should be 1.0.
>>
>>
>>> (on the same data set, TLS 1.3 is > 5%), and TLS 1.1 is negligible.
>>>
>>> This is probably a higher number than we'd be comfortable turning off
>>> immediately, but it is probably worth starting the process.
>
>
> Metrics from Chrome report 0.43% of our connections are TLS 1.0 and 0.03% of
> them are TLS 1.1, which is a similar situation. I too am in favor of
> deprecating them and getting things started.

Our system-wide metrics indicate 0.36% and 99.6% of connections are
TLS 1.0 and 1.2, respectively. This does not include all code paths,
though it covers the overwhelming majority of use cases, including
mobile mail. Thus, similar to others, I'm in favor of deprecating TLS
1.0 and 1.1.

Best,
Chris