Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Watson Ladd <watsonbladd@gmail.com> Thu, 21 May 2015 22:41 UTC

In-Reply-To: <9ED694CA-2271-42DD-B094-55B560B9C76B@gmail.com>
References: <201505211210.43060.davemgarrett@gmail.com> <BLU177-W43B228C6C40A3EFFF6D0AC3C10@phx.gbl> <08521CEE-F00B-40B5-9A91-D290ED56EE67@gmail.com> <201505211816.42606.davemgarrett@gmail.com> <9ED694CA-2271-42DD-B094-55B560B9C76B@gmail.com>
Date: Thu, 21 May 2015 18:41:48 -0400
Message-ID: <CACsn0ck84SMT+Eqgdz7SBFQmaP0tFZQpX03Q0WyJtTgh5MhpkQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/VhluSFLoXmg6C1ssp6NnLmNqDyw>
Cc: "maray@microsoft.com" <maray@microsoft.com>, "tls@ietf.org" <tls@ietf.org>

On Thu, May 21, 2015 at 6:34 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:
>
>> On May 22, 2015, at 1:16 AM, Dave Garrett <davemgarrett@gmail.com> wrote:
>>
>> On Thursday, May 21, 2015 05:50:26 pm Yoav Nir wrote:
>>> According to netmarketshare.com Windows XP is still 16% of desktops/laptops (as measured by web traffic). Add some older Mac OS X versions and you reach 17%. Even mobile has some older versions. What this is proposing is to require servers to cut all of those off as a pre-requisite to supporting TLS 1.3.
>>
>> Windows XP & old Mac OS X users can install Mozilla Firefox or Google Chrome (or one of the browsers based on one). It's just the built-in browser that won't work because the vendor dropped support.
>
> And you are proposing that we force them to do this? Worse, you are proposing that we deputize all server operators in forcing them to replace their browser?

If not now, then when?

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.