Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 01 December 2020 14:51 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "research@bensmyth.com" <research@bensmyth.com>
CC: "last-call@ietf.org" <last-call@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Date: Tue, 01 Dec 2020 14:50:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VUy8_w5-dqo13zqoXVP1zXqz8tI>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> writes:

>The right thing to do, from a security viewpoint, is DO NOT USE TLS 1.0 OR
>TLS 1.1. If you have special circumstances, then do not follow the RFC (once
>published).

And how will the people who can ignore it know that it's OK for them to do so?
Once it's published, everyone who uses TLS will think it applies to them
personally even when it doesn't.  This is why putting wording in there telling
these groups that it doesn't apply to them would be a good proactive move.

Peter.