Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

"STARK, BARBARA H" <bs7652@att.com> Wed, 02 December 2020 00:10 UTC

Return-Path: <bs7652@att.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 368433A0BD7; Tue, 1 Dec 2020 16:10:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 87JKwcgHhR8Q; Tue, 1 Dec 2020 16:10:30 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE09C3A0BD4; Tue, 1 Dec 2020 16:10:30 -0800 (PST)
Received: from pps.filterd (m0049459.ppops.net [127.0.0.1]) by m0049459.ppops.net-00191d01. (8.16.0.43/8.16.0.43) with SMTP id 0B205Y9m048999; Tue, 1 Dec 2020 19:10:29 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049459.ppops.net-00191d01. with ESMTP id 355tju8v3t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 01 Dec 2020 19:10:27 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 0B20AQ20027283; Tue, 1 Dec 2020 19:10:27 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [135.47.91.179]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 0B20AJ1Z027051 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 1 Dec 2020 19:10:20 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [127.0.0.1]) by zlp30484.vci.att.com (Service) with ESMTP id C7F754009E61; Wed, 2 Dec 2020 00:10:19 +0000 (GMT)
Received: from GAALPA1MSGEX1DB.ITServices.sbc.com (unknown [135.50.89.115]) by zlp30484.vci.att.com (Service) with ESMTPS id AFE204009E60; Wed, 2 Dec 2020 00:10:19 +0000 (GMT)
Received: from GAALPA1MSGEX1AA.ITServices.sbc.com (135.50.89.96) by GAALPA1MSGEX1DB.ITServices.sbc.com (135.50.89.115) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4; Tue, 1 Dec 2020 19:10:18 -0500
Received: from GAALPA1MSGETA01.tmg.ad.att.com (144.160.249.126) by GAALPA1MSGEX1AA.ITServices.sbc.com (135.50.89.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4 via Frontend Transport; Tue, 1 Dec 2020 19:10:18 -0500
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.100) by edgeal1.exch.att.com (144.160.249.126) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2044.4; Tue, 1 Dec 2020 19:10:09 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=miywxDjRes2OG3sPusEM+clcSVoL055aJTpwgGkmbug30DnNKaKeUVuy0GRhwcs10iGgxSlhrpfCsVtnei80ACupNPrRONy1JkKUK9eh6rgO+2ueSI8tAVTPDiEyz9AJPGay6dn6pb++Y5xMy05M2UddIVRkBm2LTwvT7A21ikaHlqa4UspgFnIIVzM0c8pUD7N3EDlK11sxHpKagnlhU9orverQ2AdwNCatsm3kOaZwf7EabA+7iSNue4c+rRMGiP8IRpbp1CXBILKurqYc+xSMPnG7uw2v1Fe/rsJVaRSiLDekQaLpbzTH8/AXlSE+OH3EEoElZl6P9Z5IwVE5WQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9ybQb94EujWawh/Hvc4k32Nfn8EFdUFOavrBItO9cm0=; b=JYu2AxkZEF46+KXZ1/34rBh0jZ6XpuM1eNW+vo2OK1FUwiBYc3q1j2I5/iZU5nNQ7BSHEyytugMRcpa7ZJr6D3xoPOVRjSicKw7i4EoH8exrpWb7F0Y0fwPnHwXuvqblShatLh50fe/lKosheJUGaW5NKlUvKolIiGitfb1+n5GJg3mkIf4B2GOV3uPjfkWMl5cnpori3zXDZvicnPxScJoKzrdJJXs6i8sdKtaYnHnKmPmt0Uz/m4OLyTHlwBrjmNSRDoYUNk/8jt8mwi387FFVs+Rp/UM5hnvkcM5urHqx9J4iRXm81XfzjHkG6DlgoIuPtX6O8evpa//tCmHL6Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9ybQb94EujWawh/Hvc4k32Nfn8EFdUFOavrBItO9cm0=; b=WbMWVfMfp1ewyfYFqWj7WmgjPOV1P1Gax9q0d9zCO0rDsvH2utD0jND8P2Qm5+nCyElUD0SgH9bPpofEtjTr7X6qSmnKDsuO/zgLW1Y8Mme0ht6uFlkPW24YL07HfMpQ8D9k3rT7WEqexceOwbWDbp54sBRR3MgmWjg8YI808D4=
Received: from SN6PR02MB4512.namprd02.prod.outlook.com (2603:10b6:805:a4::13) by SN1PR02MB3696.namprd02.prod.outlook.com (2603:10b6:802:2e::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20; Wed, 2 Dec 2020 00:10:08 +0000
Received: from SN6PR02MB4512.namprd02.prod.outlook.com ([fe80::1813:2439:6aac:fc24]) by SN6PR02MB4512.namprd02.prod.outlook.com ([fe80::1813:2439:6aac:fc24%6]) with mapi id 15.20.3611.031; Wed, 2 Dec 2020 00:10:08 +0000
From: "STARK, BARBARA H" <bs7652@att.com>
To: "'Blumenthal, Uri - 0553 - MITLL'" <uri@ll.mit.edu>
CC: "'draft-ietf-tls-oldversions-deprecate@ietf.org'" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "'last-call@ietf.org'" <last-call@ietf.org>, "'tls-chairs@ietf.org'" <tls-chairs@ietf.org>, "'tls@ietf.org'" <tls@ietf.org>
Thread-Topic: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
Thread-Index: AQHWx/nyzVkLhyKQxUaje/JqTkrI/qni6cYQ
Date: Wed, 2 Dec 2020 00:10:08 +0000
Message-ID: <SN6PR02MB4512853560EE3B6BFAD3AF3FC3F30@SN6PR02MB4512.namprd02.prod.outlook.com>
References: <160496076356.8063.5138064792555453422@ietfa.amsl.com> <49d045a3-db46-3250-9587-c4680ba386ed@network-heretics.com> <b5314e17-645a-22ea-3ce9-78f208630ae1@cs.tcd.ie> <1606782600388.62069@cs.auckland.ac.nz> <0b72b2aa-73b6-1916-87be-d83e9d0ebd09@cs.tcd.ie> <1606814941532.76373@cs.auckland.ac.nz> <36C74BF4-FF8A-4E79-B4C8-8A03BEE94FCE@cisco.com> <SN6PR02MB4512D55EC7F4EB00F5338631C3F40@SN6PR02MB4512.namprd02.prod.outlook.com> <4479CAC7-05E3-4A2B-9431-8D1AE55C3B3F@ll.mit.edu>
In-Reply-To: <4479CAC7-05E3-4A2B-9431-8D1AE55C3B3F@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ll.mit.edu; dkim=none (message not signed) header.d=none;ll.mit.edu; dmarc=none action=none header.from=att.com;
x-originating-ip: [45.18.123.63]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b49b91f0-7e4b-402e-1f70-08d89656a0fc
x-ms-traffictypediagnostic: SN1PR02MB3696:
x-microsoft-antispam-prvs: <SN1PR02MB3696610BDF120CCC87F6F9FEC3F30@SN1PR02MB3696.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: WdwaQ9Xmsds2xTC/9y9Hda617uEVmFuXIAVABhy/lnIBA720fPKY84zol47uvK8DNkYT1l6HQBItg2oeIeL0CYwYRHcFFquJH8Zd6CRYU4y/TDCXLUJfRNNtnsiIbW/lg4m5y7y9ouGF3e5+aMOtVW+ESk9urKwY1ueSBVzPzz0WukhhB0WwBduv4krIZykG1cgzsXzqAg/NNha6ymuGaCvKBqf57OM0CYAZouIJboriSC3+8+lueSg1/UQzvLoktQO+8uIFLPAv/x90zfXZEf6mdNDH7SwKCip5zQUWrgwSlV0X59wGvVoG+HIGToJpSsSWjGSGp5BwEoF8ndMUUw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR02MB4512.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(39860400002)(346002)(366004)(71200400001)(54906003)(82202003)(8936002)(6506007)(8676002)(186003)(478600001)(5660300002)(26005)(33656002)(4326008)(52536014)(66476007)(64756008)(76116006)(66446008)(83380400001)(66556008)(7696005)(66946007)(6916009)(86362001)(316002)(2906002)(55016002)(9686003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?bUNYb1lWcmk2SzRUcTRGLzAzb0N5Qzk0RSs2cmd5T1MvZzVjSlJkY2V5eFRI?= =?utf-8?B?dy8waEpiVnN5TjBFWkp3cjhQL3JiQUhzMklLVmhhUkNVN0pGRnhuVm1aank2?= =?utf-8?B?KzM4QW5nY20xWHkwd3QweDQ3VGcrMHRzbTF1UStnTGpjekFPY1U2SE9LOWNm?= =?utf-8?B?dklUYUQyQ01CM1VKWnE1d0VhaWxwYS94K3RaMTI5ZVExbkVxSHYzb3hzL2F3?= =?utf-8?B?RStSQlFIdTRqVkF2Mmx0RDBZTUluaS9uRFpKNHQ0cjZ6UmxDRjhHaHBLTmtR?= =?utf-8?B?M0NzTlhvbXZwUGlKUFhUMUFGSnZybzliWUhHNzBMbWp4U2lQMmI0d1BCcVRu?= =?utf-8?B?OVdQZ1o5VjhPalk4UXd5MURGeVJzdCtXZDdwWmZydTBMeTBQNmkrK1JVQzls?= =?utf-8?B?N1VueUllOC9rZyswM1hYOVBCYjlpOVYzL3BRRG5MSVQza3E0dy8zb3JadDFU?= =?utf-8?B?R3FKYjhxKzBOTytENWpOWkVkREVOTndQZzhzcFNQRXJLK2cyKzFCMzF5bGRx?= =?utf-8?B?QnllQjdqU1dMcGIwTTlxNXVtb2c5TkRSbnY4VVd5L1NOODN0QUxBUTVGb1pY?= =?utf-8?B?amNHMlBIL3dKWHhhdFpsc2tsdDlMOERQMXAxb1NNd1k5K0NxQ2c4V1A1eGVQ?= =?utf-8?B?WjVVNnBjNlR3d0Y0VmVhWjVKZ2pVcnIrYXlxNzJTT3hwbFFQN2pqZHlJNFVt?= =?utf-8?B?N2lIUFJyVmptQnZ3Z21penlVSEFabEU4K1pTcUVNcnFxYUNqcUxLVGJlMEpP?= =?utf-8?B?STNtWUw1TFlVaU1hUCtkMW5DWUdnSXpJaDVRREpTeG5WbC9JNDkyVFRNUmtW?= =?utf-8?B?Rm1wMG9maUpFTG9MU041cm1CRjV1UGZRSTI3Ly9qM244ZmNETWQvZDNUYVdW?= =?utf-8?B?Q0NpcWMvNTN5TVR4ZVkybTkrU1pDZXdNRHIxYm5BQVpWbkNGc3lwVmdyYTJn?= =?utf-8?B?aytFUFlzYVRYRWVRazVUWU5wNVQvQjNsTW5VdklnT3k2NkxIenU5TmFCNzNa?= =?utf-8?B?NjVVaFNkTlVQeUh4ekQ2UXJsbW5nblZxbi9lZUppSmMwT0lIYXF6aEFIOFNq?= =?utf-8?B?dmFMNU1oYlMyRXJXTnhwSHpCMVJYaVZaOHBkeGs4eUkrVmFveVg5UHJ6Yzgw?= =?utf-8?B?TnlhT0pqUEZoQXlGa3Z3SWplK2twbEVrVnRHQVpmWE5ObEdxSTNKN1lEM01R?= =?utf-8?B?VGpSR0xBQVczdUpzb25RWTgyejd1WHJNdmtJb1J3OXdaaDdZVHl5b3NXTmpx?= =?utf-8?B?RWRyYlVpYy9KTHhiZ25DMm1lSm9yZjJrMS84aDl4eEIxMHYvMy9IaWVRdS9Y?= =?utf-8?Q?2Hv2OQ9ajiQKE=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN6PR02MB4512.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b49b91f0-7e4b-402e-1f70-08d89656a0fc
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Dec 2020 00:10:08.3737 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MsgPqSL76XuctqEk2KXOLJAepWT1tjn0TpRlw+3sq2UK+BwI/51djXUvipFsa1KM
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR02MB3696
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: 90EBB4635E0E0E57B973D15C188BE8F44B7ED1C80F512B39A4E0857FE47D1F012
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-12-01_12:2020-11-30, 2020-12-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 phishscore=0 lowpriorityscore=0 impostorscore=0 mlxlogscore=746 clxscore=1011 adultscore=0 suspectscore=0 malwarescore=0 bulkscore=0 spamscore=0 mlxscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012010142
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WRVmOHDcz4ldnvQe-UAZqnIZsNg>
Subject: Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 00:10:35 -0000

>     >    I would suggest the strong, unambiguous statement with explanation
> for
>     >    why the statement is being made.
> 
> Yes.
> 
>     >    There is no need to describe (possible) exceptions.
> 
> My opinion is exactly the opposite. Do describe the exceptions, as precisely
> and unambiguously as you can.
> 
> I don't buy the assumption that "one can never figure all the possible reasons
> when/why <XXX> should not apply".

Most of the reasons people will use when deciding to continue using these technologies are financially or resource driven (i.e., there are costs to changing) or to ensure a MITM ability to monitor. Getting consensus in IETF that such reasons are "valid" is, in my experience, futile. I really couldn't see IETF getting consensus on any case where the recommendation would be "SHOULD NOT". The only real effect of insisting on such a change to this draft would be to delay its publication indefinitely.

I believe it's already past time for these technologies to be deprecated by IETF. The proposed indefinite delay in publication in order to accommodate futile argument is unnecessary and, IMO, harmful.
Barbara