Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Rob Sayre <sayrer@gmail.com> Thu, 10 October 2019 03:00 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Thu, 10 Oct 2019 10:00:18 +0700
Message-ID: <CAChr6SxctG432p+BvAwQPs7K1enB=UnPf+q2_A8HyWzD16Aj_Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Cullen Jennings <fluffy@iii.ca>, "tls@ietf.org" <tls@ietf.org>, Sean Turner via Datatracker <noreply@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UanYU-qtVK5PZxPe24xMBZ2NjxY>

On Wed, Oct 9, 2019 at 8:04 PM Eric Rescorla <ekr@rtfm.com> wrote:

>  So, 6347 was totally reasonable at the time and I expect the guidance in
> this document to override 6347 which all seems quite normal.
>

Right, that makes sense.


>
> draft-ietf-rtcweb-security-arch doesn't precisely encourage you to
> implement DTLS 1.0; there's no normative language at all (even in the
> non-2119 sense).
>

It does have a normative reference to RFC 6347, and seems to be referencing
this part of it: "Implementations that speak both DTLS 1.2 and DTLS 1.0 can
interoperate with those that speak only DTLS 1.0 (using DTLS 1.0 of course)"

I can understand the WG's "MUST (but we know you won't)" situation. Trying
to write spec text for those situations always ends badly over time (imho),
but maybe editing the draft itself would be controversial.

It does look like draft-ietf-tls-oldversions-deprecate should update the
draft, if it's changed so that it updates DTLS-using RFCs. For example, if
the document had been published in 2017, would there even be a debate?

thanks,
Rob
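As an added example (not code from the thread, the draft or RFC 6347), the following Python parser reads the version fields of a DTLS ClientHello or ServerHello record and flags the RFC 6347 fallback case quoted above, where a 1.2-capable peer ends up negotiating DTLS 1.0 with a 1.0-only peer. The record and handshake header layout follow RFC 6347; the `build_hello` helper and its sample records are constructed here for illustration.

```python
import struct

# DTLS wire versions (RFC 6347, section 4.1): the 1's complement of the TLS version.
DTLS_1_0 = 0xFEFF  # the version draft-ietf-tls-oldversions-deprecate deprecates
DTLS_1_2 = 0xFEFD
VERSION_NAMES = {DTLS_1_0: "DTLS 1.0", DTLS_1_2: "DTLS 1.2"}
HANDSHAKE = 22
HELLO_NAMES = {1: "ClientHello", 2: "ServerHello"}

RECORD_HDR = struct.Struct("!BHHHIH")  # type, version, epoch, seq (6 bytes as 2+4), length
HS_HDR_LEN = 12                         # type(1) len(3) msg_seq(2) frag_off(3) frag_len(3)


def parse_dtls_hello(record: bytes) -> dict:
    """Return the record-layer and hello version of a DTLS ClientHello/ServerHello record."""
    if len(record) < RECORD_HDR.size:
        raise ValueError("truncated DTLS record header")
    ctype, rec_ver, _epoch, _seq_hi, _seq_lo, length = RECORD_HDR.unpack_from(record)
    body = record[RECORD_HDR.size:RECORD_HDR.size + length]
    if ctype != HANDSHAKE or len(body) < HS_HDR_LEN + 2:
        raise ValueError("not a handshake record carrying a version field")
    msg_type = body[0]
    frag_off = int.from_bytes(body[6:9], "big")
    if msg_type not in HELLO_NAMES or frag_off != 0:
        raise ValueError("not the first fragment of a ClientHello/ServerHello")
    # The record-layer version of a ClientHello may be lower than the version the
    # client actually offers, so the hello's own version field is what matters.
    hello_ver = int.from_bytes(body[HS_HDR_LEN:HS_HDR_LEN + 2], "big")
    return {
        "message": HELLO_NAMES[msg_type],
        "record_version": VERSION_NAMES.get(rec_ver, hex(rec_ver)),
        "hello_version": VERSION_NAMES.get(hello_ver, hex(hello_ver)),
        # ServerHello at DTLS 1.0: the deprecated version was actually negotiated.
        # ClientHello at DTLS 1.0: the client offers nothing newer.
        "deprecated": hello_ver == DTLS_1_0,
    }


def build_hello(msg_type: int, rec_ver: int, hello_ver: int) -> bytes:
    """Constructed sample record (hypothetical helper): hello version + zero random, no extensions."""
    hello_body = struct.pack("!H", hello_ver) + b"\x00" * 32 + b"\x00"  # version, random, sid len
    hs = (bytes([msg_type]) + len(hello_body).to_bytes(3, "big") + b"\x00\x00"
          + b"\x00\x00\x00" + len(hello_body).to_bytes(3, "big") + hello_body)
    return RECORD_HDR.pack(HANDSHAKE, rec_ver, 0, 0, 0, len(hs)) + hs


if __name__ == "__main__":
    # RFC 6347 interop case: a 1.2-capable server answers a 1.0-only client at DTLS 1.0.
    for rec in (build_hello(1, DTLS_1_0, DTLS_1_0), build_hello(2, DTLS_1_0, DTLS_1_0),
                build_hello(1, DTLS_1_0, DTLS_1_2), build_hello(2, DTLS_1_2, DTLS_1_2)):
        print(parse_dtls_hello(rec))
```

Run over captured handshakes, a `deprecated: True` on a ServerHello is the signal that the fallback path RFC 6347 permits is still live in a deployment.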