Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Eric Rescorla <ekr@rtfm.com> Wed, 09 October 2019 12:20 UTC

References: <156172485494.20653.307396745611384846.idtracker@ietfa.amsl.com> <989F828F-B427-47A6-A114-4EAEA67D43D7@ericsson.com> <CABcZeBOCzwLDEUyiqkDG0Qqaf652_+j1KBsJQJcJk2Lew_9wCw@mail.gmail.com> <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie> <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com> <149BDA3C-14CF-459F-90D4-5F53DBEF9808@iii.ca> <CAChr6Sx4AVjkoKWiD2-cT2ZBNg=mKzeOX603gVs0f7vQ_FgN7A@mail.gmail.com> <CABcZeBNOVOBifOSnWdxSDTLizUUUn6ctLrBT43CHK+4B7KWGiQ@mail.gmail.com> <CAChr6SzT3GqmidPbmVjmrZX=u1UpBee4e8K2C-zHuNHEqgB7uQ@mail.gmail.com> <CABcZeBOGjPYy9FaOzaf-bHKaoMtXpO0SjQO5RTx9fMUo3r8vUg@mail.gmail.com> <CAChr6SwjdhpL2jQgNVjjuLosa8ycZEi9rGHuZ=K8=ToRy-gfJw@mail.gmail.com>
In-Reply-To: <CAChr6SwjdhpL2jQgNVjjuLosa8ycZEi9rGHuZ=K8=ToRy-gfJw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 09 Oct 2019 05:20:18 -0700
Message-ID: <CABcZeBOpOCONvoeOZ0ypfKTHA936RPxVMSO9g=QEN3mEPiy6ww@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: Cullen Jennings <fluffy@iii.ca>, "tls@ietf.org" <tls@ietf.org>, Sean Turner via Datatracker <noreply@ietf.org>, IESG Secretary <iesg-secretary@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T8kfxdbaRL5KsUCLTrvkI4FOMOI>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

On Mon, Oct 7, 2019 at 10:29 AM Rob Sayre <sayrer@gmail.com> wrote:

> On Mon, Oct 7, 2019 at 1:25 AM Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>>>>> It seems strange to put DTLS 1.0 (based on TLS 1.1) into new documents.
>>>>>
>>>>
>>>> A few points.
>>>>
>>>> 1. It doesn't pull it in. There's no reference and there's just an
>>>> informative statement.
>>>>
>>>
>>> Shouldn't there be an informative reference?
>>>
>>
>> To what?
>>
>
> Hi, I missed this response. This discussion seems a bit tedious, but
>
> 1) it doesn't seem like a particularly valid claim to say that the
> document "doesn't pull" in DTLS 1.0 when the rationale for that claim is a
> missing reference.
>

Well I suppose you're entitled to your opinion, but no, I don't think
that's true. We have a very specific meaning for normative dependency and
in no way would this be one. At most this would be an informative reference.

In any case, this is not the proper place for this discussion. If you want
this document changed, you'll need to take it to the RTCWEB WG.


> This thread also has some other unusual claims:
>
> On Tue, Oct 1, 2019 at 7:34 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
> > we can't "UPDATE" an I-D.
>
> Not true. If you need to refer to something that's been IESG-approved but
> still in the RFC queue, you can leave a note for the RFC editor to update
> the reference to the eventual RFC number.
>
> On Wed, Oct 2, 2019 at 8:17 PM Sean Turner <sean@sn3rd.com> wrote:
> > You can change the text, but I do not believe it will change the
> implementations.
>
> If true, changing the text would seem to be uncontroversial.
>
> Anyway, leaving strange text like this DTLS 1.0 stuff in the webrtc
> document is one thing (although I'm surprised the IESG allowed it).
> Claiming that a document like draft-ietf-tls-oldversions-deprecate can't
> update documents from a concluded WG is another.
>
> If the IETF can't get consensus on actually deprecating DTLS 1.0, maybe
> something similar to the text from draft-ietf-rtcweb-security-arch should
> be added to draft-ietf-tls-oldversions-deprecate.
>
> "Earlier specifications required DTLS 1.0. Endpoints which support only
> DTLS 1.2 might encounter interoperability issues."
>
> That would seem to subvert the point of the draft--I think this is the
> point that the original post in this thread was making.
>

When we agreed to discuss this draft, there was an explicit discussion of
the fact that this was the IETF's opinion based on security and protocol
maturity but that we expected the transition to take longer in some domains
than others, so I wouldn't have a problem with that kind of text, as I
think it's factually accurate and implicit.

-Ekr


> thanks,
> Rob
>
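[Added example, not part of this thread or of the draft under discussion.] The interoperability point raised above comes down to what each endpoint actually offers on the wire: a DTLS 1.0 peer sends client_version {254,255}, a DTLS 1.2-only peer sends {254,253}, and a peer that only speaks one of them cannot meet the other. The Python below is my own code, written to show that concretely. It parses a single TLS or DTLS record carrying a ClientHello, lists the versions the client is willing to negotiate (the legacy client_version plus the supported_versions extension when present), and flags the versions the draft deprecates (TLS 1.0, TLS 1.1 and DTLS 1.0). The ClientHello messages it inspects are constructed by the helper at the bottom, not captured from a real peer; names such as `offered_versions`, `classify` and `build_client_hello` are mine.

```python
"""Report the (D)TLS versions a ClientHello offers and flag deprecated ones.

Added example, not code from the mailing-list thread or from any IETF draft.
Sample messages come from build_client_hello() below and are constructed,
not captured traffic.
"""
import struct

# ProtocolVersion values on the wire. DTLS versions are the ones'-complement
# of the TLS version they derive from (DTLS 1.0 <-> TLS 1.1, DTLS 1.2 <-> TLS 1.2).
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
DTLS10, DTLS12, DTLS13 = 0xFEFF, 0xFEFD, 0xFEFC
NAMES = {TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2", TLS13: "TLS 1.3",
         DTLS10: "DTLS 1.0", DTLS12: "DTLS 1.2", DTLS13: "DTLS 1.3"}
DEPRECATED = {TLS10, TLS11, DTLS10}   # versions draft-ietf-tls-oldversions-deprecate targets

HANDSHAKE = 22                        # ContentType.handshake
CLIENT_HELLO = 1                      # HandshakeType.client_hello
EXT_SUPPORTED_VERSIONS = 43           # extension carrying the TLS 1.3-style version list


def _is_dtls(version):
    return version >> 8 == 0xFE


def offered_versions(record):
    """Versions a ClientHello record offers, most preferred first.

    Raises ValueError for anything that is not one unfragmented ClientHello.
    """
    ctype, rec_version = struct.unpack_from("!BH", record, 0)
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    dtls = _is_dtls(rec_version)
    off = 11 if dtls else 3           # DTLS inserts epoch(2)+sequence_number(6)
    (rec_len,) = struct.unpack_from("!H", record, off)
    body = record[off + 2:off + 2 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")

    msg_type, msg_len = body[0], int.from_bytes(body[1:4], "big")
    p = 4
    if dtls:                          # message_seq(2), fragment_offset(3), fragment_length(3)
        frag_off = int.from_bytes(body[p + 2:p + 5], "big")
        frag_len = int.from_bytes(body[p + 5:p + 8], "big")
        if frag_off != 0 or frag_len != msg_len:
            raise ValueError("fragmented ClientHello not supported")
        p += 8
    if msg_type != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hello = body[p:p + msg_len]
    if len(hello) != msg_len:
        raise ValueError("truncated ClientHello")

    (client_version,) = struct.unpack_from("!H", hello, 0)
    p = 2 + 32                        # client_version, random
    p += 1 + hello[p]                 # session_id
    if dtls:
        p += 1 + hello[p]             # cookie (DTLS only)
    p += 2 + struct.unpack_from("!H", hello, p)[0]   # cipher_suites
    p += 1 + hello[p]                 # compression_methods

    versions = []
    if p < len(hello):                # extensions block is optional
        (ext_total,) = struct.unpack_from("!H", hello, p)
        p, end = p + 2, p + 2 + ext_total
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, p)
            data, p = hello[p + 4:p + 4 + ext_len], p + 4 + ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS:
                versions = [struct.unpack_from("!H", data, 1 + i)[0] for i in range(0, data[0], 2)]
    # Without supported_versions, client_version is the highest the client accepts;
    # the server may pick that or any lower version it supports.
    return versions or [client_version]


def classify(record):
    """Map each offered version name to True when the draft deprecates it."""
    return {NAMES.get(v, hex(v)): v in DEPRECATED for v in offered_versions(record)}


def build_client_hello(client_version, supported=None, cookie=b""):
    """Construct a minimal ClientHello record (sample input, not captured traffic)."""
    dtls = _is_dtls(client_version)
    hello = struct.pack("!H", client_version) + bytes(32) + b"\x00"   # version, random, no session_id
    if dtls:
        hello += bytes([len(cookie)]) + cookie
    suites = b"\xc0\x2f\x13\x01"                                       # two arbitrary cipher suites
    hello += struct.pack("!H", len(suites)) + suites + b"\x01\x00"     # suites, null compression
    if supported:
        vs = b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 1 + len(vs)) + bytes([len(vs)]) + vs
        hello += struct.pack("!H", len(ext)) + ext
    hs = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big")
    if dtls:
        hs += b"\x00\x00" + bytes(3) + len(hello).to_bytes(3, "big")   # seq 0, offset 0, full length
    hs += hello
    hdr = struct.pack("!BH", HANDSHAKE, DTLS10 if dtls else TLS10)     # legacy record version
    if dtls:
        hdr += bytes(8)                                                # epoch 0, sequence_number 0
    return hdr + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    print("DTLS 1.0 client ", classify(build_client_hello(DTLS10)))
    print("DTLS 1.2 client ", classify(build_client_hello(DTLS12, supported=[DTLS12])))
    print("TLS 1.3 client  ", classify(build_client_hello(TLS12, supported=[TLS13, TLS12])))
```

Run against captures instead of the constructed samples by feeding `offered_versions` the first record of a UDP datagram (DTLS) or TCP stream (TLS). The two DTLS samples are the mismatch Rob's quoted sentence describes: the first offers only {254,255}, the second only {254,253}, and neither can be accepted by an endpoint that implements just the other.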