Re: [TLS] TLS@IETF101 Agenda Posted

Ted Lemon <mellon@fugue.com> Wed, 14 March 2018 19:11 UTC

In-Reply-To: <4317390C-51CB-4969-8251-DBA18CBDE0BA@vigilsec.com>
References: <6140B7A6-A1C7-44BC-9C65-9BE0D5E1B580@sn3rd.com> <090F06AF-371D-4B11-91AA-BD80C1ADB4E9@fugue.com> <C1970611-C781-41A8-87CA-D00629AC41E7@vigilsec.com> <12691059.D1o9753ySB@pintsize.usersys.redhat.com> <4317390C-51CB-4969-8251-DBA18CBDE0BA@vigilsec.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 14 Mar 2018 15:11:16 -0400
Message-ID: <CAPt1N1=x4cA_wnrLny638gmQBTL039bXDj-1U98KiKMHEaq6+g@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Hubert Kario <hkario@redhat.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T_wb2R6PSErgMDDmDnI_BbHJkYo>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted

Perhaps this would be a good time to put in a plug for additional funding
for openssl et al...

On Mar 14, 2018 14:53, "Russ Housley" <housley@vigilsec.com> wrote:

>
> > On Mar 14, 2018, at 8:39 AM, Hubert Kario <hkario@redhat.com> wrote:
> >
> > On Tuesday, 13 March 2018 23:16:47 CET Russ Housley wrote:
> >> Ted:
> >>> There's an easy way to do this, although as a sometime bank security geek
> >>> I would strongly advise you to not do it: keep using TLS 1.2.
> >> This is a bogus argument.  First, staying with an old protocol version often
> >> leads to locking in unmaintained versions of old software.
> >
> > This is simply not true, the newest versions of OpenSSL, NSS, GnuTLS and
> > schannel allow you to disable TLS 1.2 and TLS 1.1 protocol support to
> > effectively only support TLS 1.0!
>
> After TLS 1.3 is approved, I have heard a desire from software maintainers
> to drop support for some of the older versions over time. Support for SSL
> 3.0 has been dropped in some cases, and for good reasons.
>
> Russ
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
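The exchange above turns on the protocol-version switches that modern TLS libraries expose. As an added example that is not part of this thread or of any of the libraries named in it, the following Python code uses the standard `ssl` module (a thin wrapper over OpenSSL's `SSL_CTX_set_min_proto_version` / `SSL_CTX_set_max_proto_version`) to bound the versions a context will negotiate and to report which versions remain enabled. The function names `make_context`, `allowed_versions` and `pins_single_version` are hypothetical; the code assumes Python 3.7 or later linked against OpenSSL 1.1.0 or later, and treats the `MINIMUM_SUPPORTED`/`MAXIMUM_SUPPORTED` sentinels as spanning SSLv3 through TLS 1.3, which is an assumption about the underlying build rather than something the library reports.

```python
import ssl

# Named protocol versions in ascending order. The MINIMUM_SUPPORTED and
# MAXIMUM_SUPPORTED sentinels are not listed; they are resolved explicitly below.
_NAMED_VERSIONS = [
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
]


def make_context(minimum="TLSv1_2", maximum="MAXIMUM_SUPPORTED"):
    """Build a client SSLContext that only negotiates versions in [minimum, maximum].

    Arguments are ssl.TLSVersion member names (e.g. "TLSv1_2"). The defensive
    default keeps the floor at TLS 1.2 and the ceiling at whatever the build
    supports; the same two knobs are what a deployment would use to switch a
    version off entirely (hypothetical helper, not library code).
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion[minimum]
    ctx.maximum_version = ssl.TLSVersion[maximum]
    return ctx


def _resolve(version, sentinel, fallback):
    # Map a sentinel bound onto a concrete named version (assumption: the build
    # spans the full named range; a real build may lack SSLv3 or TLS 1.0/1.1).
    return fallback if version == sentinel else version


def allowed_versions(ctx):
    """Return the names of the named versions that fall inside the context's bounds."""
    lo = _resolve(ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED, _NAMED_VERSIONS[0])
    hi = _resolve(ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED, _NAMED_VERSIONS[-1])
    return [v.name for v in _NAMED_VERSIONS if lo <= v <= hi]


def pins_single_version(ctx):
    """True when the context can negotiate exactly one protocol version."""
    return len(allowed_versions(ctx)) == 1


if __name__ == "__main__":
    default_ctx = make_context()
    print("default floor TLS 1.2 ->", allowed_versions(default_ctx))
    pinned = make_context("TLSv1_2", "TLSv1_2")
    print("pinned to TLS 1.2 only ->", allowed_versions(pinned), pins_single_version(pinned))
```

Reading `allowed_versions` back from a context is a cheap configuration check to run in a test suite: it catches a deployment that silently reopened TLS 1.0/1.1, or one that pinned itself to a single version and will stop interoperating once peers move on, which is the lock-in risk discussed above.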