Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
Daniel Migault <daniel.migault@ericsson.com> Sat, 28 September 2019 02:30 UTC
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 27 Sep 2019 22:30:40 -0400
Message-ID: <CADZyTkkZbCY2JbjZ5NWQXWyOcNQVV4V-2GWTDGTMJ=pU9wBEFw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XjmulK0gyuLUDKdE6z_5M2gLLqg>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

I would be more inclined to rephrase the text so that it reflects what we think is ideal rather than what we think is non-ideal. I proposed three edits to encourage moving to, or at least considering moving to, TLS 1.3, while still leaving some room to stay with TLS 1.2.

Yours,
Daniel

On Fri, Sep 27, 2019 at 1:12 PM Eric Rescorla <ekr@rtfm.com> wrote:

> Perhaps we could rewrite this text so that it reflects that we think this
> is non-ideal.?
>
> On Fri, Sep 27, 2019 at 9:16 AM Salz, Rich <rsalz@akamai.com> wrote:
>
>> On 9/26/19, 11:51 PM, "Martin Thomson" <mt@lowentropy.net> wrote:
>>
>> On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
>> > >> """The expectation is that TLSv1.2 will continue to be used for
>> > >> many years alongside TLSv1.3."""
>> >
>> > So is your proposed change to only remove that sentence?
>>
>> > wonder if that change really amounts to a worthwhile thing.
>>
>> > I do. Or I wouldn't have written the email. Do you think that this
>> is a valuable statement? I think that it says that the IETF lacks
>> confidence in the suitability of TLS 1.3 as a replacement for TLS 1.2.
>>
>> It is a statement of real-world deployment. I am against removing it.
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls