Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Eliot Lear <lear@cisco.com> Wed, 02 December 2020 17:57 UTC

Return-Path: <lear@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 673613A157A; Wed, 2 Dec 2020 09:57:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.601
X-Spam-Level:
X-Spam-Status: No, score=-9.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I6Dm-pulh_ih; Wed, 2 Dec 2020 09:57:21 -0800 (PST)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39B2D3A156C; Wed, 2 Dec 2020 09:57:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3396; q=dns/txt; s=iport; t=1606931839; x=1608141439; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=UiwZR2Sf5quyl41nAnSXY5+UwFbZENq541ULgeXKWBY=; b=REiRVwI7jvoDyaAU2iFuXOaUUWIcVUEiZSuYq4vls4y+WSgvZBWeCNLd pwn1NSJQyNBfgXllG0xWWmsYDgMqT/UYoaOa4LjoP9bjrw7bOPaBrhZvN p/WyBSyQe/pfCgrs1kjtRaEO0rIRc71Ac5iV70HUSFWAEgW2ywZ/tXAIA E=;
X-Files: signature.asc : 488
X-IPAS-Result: =?us-ascii?q?A0BkBQAM1cdf/xbLJq1iHQEBAQEJARIBBQUBgg+CKkorV?= =?us-ascii?q?wEgEi6EPIkEiCOWH4YTBAcBAQEKAwEBJwgEAQGESgKCFSY4EwIDAQEBAwIDA?= =?us-ascii?q?QEBAQUBAQECAQYEcYVhDIVyAQEBAQIBI1YFCwsYIwcCAlcGExqDDAGCZiAPr?= =?us-ascii?q?R52gTKEPgGBGIR4CgaBOIFTjAiCAIE4HIJVPoJdAQGBHBoagyYzgiwEkFssi?= =?us-ascii?q?2KcD4J8gx6BN5ZeAxYJoiSxHINrAgQGBQIVgW0jgVczGggbFWUBgj4+EhkNV?= =?us-ascii?q?o4CgzqKWUADMBQjAgYBCQEBAwmOLgImgh4BAQ?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.78,387,1599523200"; d="asc'?scan'208";a="31526764"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 02 Dec 2020 17:57:15 +0000
Received: from dhcp-10-61-103-72.cisco.com (dhcp-10-61-103-72.cisco.com [10.61.103.72]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 0B2HvEXW017664 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 2 Dec 2020 17:57:14 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <EB30DCC9-DE00-4F3E-ABBA-077F4982C3C2@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_0FD108D7-9B8B-4FE9-815F-7513802038BD"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Wed, 2 Dec 2020 18:57:13 +0100
In-Reply-To: <r480Ps-10146i-5D92DBE073F0406BAA96981F436B8E28@Williams-MacBook-Pro.local>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Keith Moore <moore@network-heretics.com>, last-call@ietf.org, tls-chairs@ietf.org, draft-ietf-tls-oldversions-deprecate@ietf.org, tls@ietf.org
To: Bill Frantz <frantz@pwpconsult.com>
References: <r480Ps-10146i-5D92DBE073F0406BAA96981F436B8E28@Williams-MacBook-Pro.local>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Outbound-SMTP-Client: 10.61.103.72, dhcp-10-61-103-72.cisco.com
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Tpxlu9Tlq1j-NP1N7diN08_mawQ>
Subject: Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 17:57:31 -0000

HI Bill,


> On 2 Dec 2020, at 17:22, Bill Frantz <frantz@pwpconsult.com> wrote:
> 
> On 12/2/20 at 5:37 AM, pgut001@cs.auckland.ac.nz (Peter Gutmann) wrote:
> 
>> The fact that many of these devices are extremely critical is precisely why
>> they're never replaced or upgraded, because they can't be taken out of
>> production.
> 
> I would like to have a few more examples of "Can't be taken out of production".
> 
> One I think I can address are heart pacemakers. These are imbedded in the patients chests. Upgrading them requires surgery. However, they have a limited lifespan due to their batteries running down, I think we're talking about 10 years or so, so there is a time where upgrade is practical.
> 
> Every so often, the patient needs surgery to replace the batteries. During this surgery, the pacemaker function is taken over by equipment in the operating room. The questions here are:
> 
> How much more surgical risk is there for replacing the whole pacemaker?
> 
> If, as I suspect, the delta risk is zero, because replacing the battery also involves removing the old pacemaker, then battery replacement time is the time to perform pacemaker upgrades.
> 
> How much risk is there in delaying upgrade to the next battery replacement?
> 
> If we think about security risk, from now-vulnerable versions of TLS, then risk perception will depend on the individual patient.

You should expect the NHS, FDA or equivalent to consult with manufacturers in organizations like AMI to try to characterize the risk so that doctors could have the conversation with patients.  But also it might be an area for design improvement in terms of being able to do in service upgrades.


> Vice President Dick Cheney was famous for being very concerned about being attacked via his pacemaker.

It was reported at the time that his protective detail insisted that his pacemaker not have any transceiver for fear of assassination.[1]  That was a good call because over the past several years a number of attacks on pace makers have indeed been discovered, some shockingly from remote distances.  They’re not the only such device out there, but they are an extreme example.

Eliot

[1] https://www.washingtonpost.com/news/the-switch/wp/2013/10/21/yes-terrorists-could-have-hacked-dick-cheneys-heart/