Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 02 December 2020 10:39 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D8F53A12C8 for <tls@ietfa.amsl.com>; Wed, 2 Dec 2020 02:39:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYZ1lGqnEhSH for <tls@ietfa.amsl.com>; Wed, 2 Dec 2020 02:39:03 -0800 (PST)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [180.189.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 867973A12C7 for <tls@ietf.org>; Wed, 2 Dec 2020 02:39:02 -0800 (PST)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01lp2236.outbound.protection.outlook.com [104.47.71.236]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-20-Wl2QsyYuPjC55dbSBGYzAA-1; Wed, 02 Dec 2020 21:37:43 +1100
X-MC-Unique: Wl2QsyYuPjC55dbSBGYzAA-1
Received: from SG2PR03CA0094.apcprd03.prod.outlook.com (2603:1096:4:7c::22) by SYBPR01MB3385.ausprd01.prod.outlook.com (2603:10c6:10:22::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.22; Wed, 2 Dec 2020 10:37:36 +0000
Received: from HK2APC01FT046.eop-APC01.prod.protection.outlook.com (2603:1096:4:7c:cafe::15) by SG2PR03CA0094.outlook.office365.com (2603:1096:4:7c::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.7 via Frontend Transport; Wed, 2 Dec 2020 10:37:35 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 130.216.95.224) smtp.mailfrom=cs.auckland.ac.nz; cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=cs.auckland.ac.nz
Received: from uxcn13-ogg-b.UoA.auckland.ac.nz (130.216.95.224) by HK2APC01FT046.mail.protection.outlook.com (10.152.249.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3632.17 via Frontend Transport; Wed, 2 Dec 2020 10:37:34 +0000
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-b.UoA.auckland.ac.nz (10.6.2.3) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 2 Dec 2020 23:37:32 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1497.007; Wed, 2 Dec 2020 23:37:32 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Eliot Lear <lear@cisco.com>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Keith Moore <moore@network-heretics.com>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-tls-oldversions-deprecate@ietf.org" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
Thread-Index: AQHWtuemkBcnxjhwjkukZnBJ0gfqXKnb932AgAD1RoCABJdrIf//K3OAgAFq8mb//4R+AIACIVUV
Date: Wed, 02 Dec 2020 10:37:32 +0000
Message-ID: <1606905451349.74964@cs.auckland.ac.nz>
References: <160496076356.8063.5138064792555453422@ietfa.amsl.com> <49d045a3-db46-3250-9587-c4680ba386ed@network-heretics.com> <b5314e17-645a-22ea-3ce9-78f208630ae1@cs.tcd.ie> <1606782600388.62069@cs.auckland.ac.nz> <0b72b2aa-73b6-1916-87be-d83e9d0ebd09@cs.tcd.ie> <1606814941532.76373@cs.auckland.ac.nz>, <36C74BF4-FF8A-4E79-B4C8-8A03BEE94FCE@cisco.com>
In-Reply-To: <36C74BF4-FF8A-4E79-B4C8-8A03BEE94FCE@cisco.com>
Accept-Language: en-NZ, en-GB, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 1322ec15-90e0-41b3-5734-08d896ae47b9
X-MS-TrafficTypeDiagnostic: SYBPR01MB3385:
X-Microsoft-Antispam-PRVS: <SYBPR01MB3385FEC94A4093B695A36D87EEF30@SYBPR01MB3385.ausprd01.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:3513
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0
X-Microsoft-Antispam-Message-Info: NrRrQP9aDy6g7EhLH5pwdzIYBJsDL45ajCcTYyvWxe1T2QeR1fGfLrzpYPMxOfy8cbiwXILdO86V73qnlsT1khNuisTrz6Z0KWivIrQ3f+OgOH26XNOnzEpA7RN6fBEbOFNwSeN2g70uSnwb3sINLH9SqKAJQiOo63ssZkw7DNnL2RqugtB57KV6HOQLVRznoRIUcH0m4QVpPlBtbJO7TeScwAHAPTS1Lp3K/4CX+ledoHk7a4Q9yNFQsG+pByxzo3lsxEpp29LFq66Jrb8bA2GWw+tlGV55R7BOg1mYbyzaWG8P8jYwWN2Pus4n/d7cRIHbdYBkXPFpj7jdzTa0cMQSzk/ZA4DT4A5tj8fHMK+JLSyAHb2gQcnkFQfEerdYJ4Z52OGkBttkRJ+ate5v6w==
X-Forefront-Antispam-Report: CIP:130.216.95.224; CTRY:NZ; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:uxcn13-ogg-b.UoA.auckland.ac.nz; PTR:natgate2-1.auckland.ac.nz; CAT:NONE; SFS:(4636009)(39860400002)(346002)(136003)(376002)(396003)(46966005)(5660300002)(36906005)(86362001)(316002)(82740400003)(2906002)(8936002)(4744005)(8676002)(54906003)(296002)(786003)(4326008)(336012)(186003)(6916009)(2616005)(26005)(7636003)(47076004)(356005)(478600001)(70206006)(70586007)(82310400003)(83380400001); DIR:OUT; SFP:1101
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Dec 2020 10:37:34.1431 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 1322ec15-90e0-41b3-5734-08d896ae47b9
X-MS-Exchange-CrossTenant-Id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d1b36e95-0d50-42e9-958f-b63fa906beaa; Ip=[130.216.95.224]; Helo=[uxcn13-ogg-b.UoA.auckland.ac.nz]
X-MS-Exchange-CrossTenant-AuthSource: HK2APC01FT046.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBPR01MB3385
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CAU17A13 smtp.mailfrom=pgut001@cs.auckland.ac.nz
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TDV2XjH2mFf4qd3QDJ-4UOBM9mg>
Subject: Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 10:39:04 -0000

Eliot Lear <lear@cisco.com> writes:

>If a device can be at all critical (and even if it isn’t), then it should be
>upgraded or replaced.

The fact that many of these devices are extremely critical is precisely why
they're never replaced or upgraded, because they can't be taken out of
production.

Peter.