Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Eric Rescorla <ekr@rtfm.com> Sun, 06 October 2019 18:26 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB88B12080C for <tls@ietfa.amsl.com>; Sun, 6 Oct 2019 11:26:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OaQr9e1iDWDL for <tls@ietfa.amsl.com>; Sun, 6 Oct 2019 11:25:58 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D092F12081B for <tls@ietf.org>; Sun, 6 Oct 2019 11:25:57 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id 72so7684922lfh.6 for <tls@ietf.org>; Sun, 06 Oct 2019 11:25:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=p0+LDL3ESB/xh9tA098MmhB6lE+DimAcDaCMg9LHLnE=; b=BakB9DxIqa+d9s2c0UarZXipVGUztWmAPV3URBCReCfdV5gqP2koP4cRZ9rC9NCBvO QytPYEByBncnowN04qUyzoHP4PDrY1BtxfqPZ4z06x6aWPuM08+1JKgi/tyKxS9avyXZ LgMM07HGpBsiv4/0UnmHmWpSlv1beBIWcHzKmDNHPgxSEm0ql2lQlc3T+8XOYmhiG2n/ yAh4D3lsQG7HwCsgg4sD2LfiARmXGR0Gmy8j0JDh9WutCA8Hg1Dld2tbl97/WgWQ4oFw ARvqVlvQ/M25gPQcFb68CZWLdKydVcn3SoZ6yisltt2JLf7kiSjOnxzVPIqKxzrJvZHd 6gkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=p0+LDL3ESB/xh9tA098MmhB6lE+DimAcDaCMg9LHLnE=; b=fDgip+4S7Ut6ZzCG7LxoVoMvPQ6KZsXuctZVrFU0TBPdnOYQJvbkTCxwwVW0MRexBF OSkzPA2GcCWI4t/OgAHuKhCTjsUh+pFYn0TqopviJ2tgNVjsCkeUAfio4GdnCIYTpCfZ n4SFwmO+H1V1jhI30SQAs9DcdX1LV4pTEy35qt7+dDQGRXArFk50R+FZPQSAkHmFEy8v 5CvYllax4PQFvihvpeNtqnPj53G7kkdIOBnBkAXrVqjX3dubzvd1klV9eiqe5HGTTJLj rAWBvjBgSOtEZMTvVzU74ajcVMq0swKfR9t0mzYkWWWxIoOAyOnRU+cvi3r/KGS/BgK7 UWfw==
X-Gm-Message-State: APjAAAWpu0SQUC5RYPDrlAHZigIxwQQmjjyDNipp+GXXVqOFjlOA9Vef G42OkBb4h49XTQShU+p2qOrIlqhPASY4VR0Kyv4Iog==
X-Google-Smtp-Source: APXvYqxg1zKm0SqIEnbfLIbDC6sHPVv59s0tsLt6YmriUVXI53uIap4W9pkrykhz2KBN7ukdmxJZ6Gp5Kt4id/1lUuw=
X-Received: by 2002:ac2:44a3:: with SMTP id c3mr13325801lfm.17.1570386356113; Sun, 06 Oct 2019 11:25:56 -0700 (PDT)
MIME-Version: 1.0
References: <156172485494.20653.307396745611384846.idtracker@ietfa.amsl.com> <989F828F-B427-47A6-A114-4EAEA67D43D7@ericsson.com> <CABcZeBOCzwLDEUyiqkDG0Qqaf652_+j1KBsJQJcJk2Lew_9wCw@mail.gmail.com> <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie> <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com> <149BDA3C-14CF-459F-90D4-5F53DBEF9808@iii.ca> <CAChr6Sx4AVjkoKWiD2-cT2ZBNg=mKzeOX603gVs0f7vQ_FgN7A@mail.gmail.com> <CABcZeBNOVOBifOSnWdxSDTLizUUUn6ctLrBT43CHK+4B7KWGiQ@mail.gmail.com> <CAChr6SzT3GqmidPbmVjmrZX=u1UpBee4e8K2C-zHuNHEqgB7uQ@mail.gmail.com>
In-Reply-To: <CAChr6SzT3GqmidPbmVjmrZX=u1UpBee4e8K2C-zHuNHEqgB7uQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 6 Oct 2019 11:25:19 -0700
Message-ID: <CABcZeBOGjPYy9FaOzaf-bHKaoMtXpO0SjQO5RTx9fMUo3r8vUg@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: Cullen Jennings <fluffy@iii.ca>, "tls@ietf.org" <tls@ietf.org>, Sean Turner via Datatracker <noreply@ietf.org>, IESG Secretary <iesg-secretary@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Content-Type: multipart/alternative; boundary="000000000000eaa648059442106e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ws5UaLAVYd-GbbawHBa2gNHYuJI>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Oct 2019 18:26:04 -0000

On Fri, Oct 4, 2019 at 7:58 AM Rob Sayre <sayrer@gmail.com> wrote:

>
>
> On Fri, Oct 4, 2019 at 9:48 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>>
>> On Fri, Oct 4, 2019 at 7:43 AM Rob Sayre <sayrer@gmail.com> wrote:
>>
>>> On Fri, Oct 4, 2019 at 9:08 PM Cullen Jennings <fluffy@iii.ca> wrote:
>>>
>>>>
>>>> I do not think you have consensus for that change to WebRTC - it was
>>>> discussed extensively. ...
>>>>
>>>
>>>  While that may be true, readers of this list might want to read a
>>> rationale, rather than just the results of a negotiation. Is there a
>>> rationale somewhere?
>>>
>>> It seems strange to put DTLS 1.0 (based on TLS 1.1) into new documents.
>>>
>>
>> A few points.
>>
>> 1. It doesn't pull it in. There's no reference and there's just an
>> informative statement.
>>
>
> Shouldn't there be an informative reference?
>

To what? Basically, what we had was the personal representations of WG
members that they had products or were aware of products that used DTLS 1.0
only.


>
>> 2. There is a rationale. In fact, the relevant text pretty much is all
>> rationale.
>>
>>    All Implementations MUST support DTLS 1.2 with the
>>    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
>>    curve [FIPS186 <https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20#ref-FIPS186>].  Earlier drafts of this specification required DTLS
>>    1.0 with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, and
>>    at the time of this writing some implementations do not support DTLS
>>    1.2; endpoints which support only DTLS 1.2 might encounter
>>    interoperability issues.
>>
>>
> Yes, I read this section and I was wondering what the rationale was for
> the text: "endpoints which support only DTLS 1.2 might encounter
> interoperability issues." Is there some data behind this? I'm not
> suggesting a change in the draft without more information, but I do wonder
> how the WG came to agree on this text.
>

See above.

-Ekr


> thanks,
> Rob
>
>