Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

Daniel Migault <daniel.migault@ericsson.com> Sat, 28 September 2019 02:30 UTC

References: <BF5F63A6-105B-47C6-8B65-29A290A16E76@akamai.com> <8B2B78CF-F312-4F7A-8EB1-A712F309A754@gmail.com> <CADZyTknH0ivQc-xW-di1XKC7w-9A5TCF8vhLLCrR9jQbcqY5dw@mail.gmail.com> <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com> <80881fa1-97df-56c9-10c5-f9e754b6cdb6@cs.tcd.ie> <d865244a-9ce8-4d95-b62c-ba52fa198126@www.fastmail.com> <5DFB0BE5-0782-42F6-88B4-7F6F076790F1@akamai.com> <CABcZeBOk=S0M5fbuyV8CjhY55pA_f69J6mD_=mzU7DCbMj_qUg@mail.gmail.com>
In-Reply-To: <CABcZeBOk=S0M5fbuyV8CjhY55pA_f69J6mD_=mzU7DCbMj_qUg@mail.gmail.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 27 Sep 2019 22:30:40 -0400
Message-ID: <CADZyTkkZbCY2JbjZ5NWQXWyOcNQVV4V-2GWTDGTMJ=pU9wBEFw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XjmulK0gyuLUDKdE6z_5M2gLLqg>

I would be more inclined to rephrase the text so that it reflects what we
think is ideal rather than what we think is non-ideal. I proposed three
edits to encourage moving to, or at least considering moving to, TLS 1.3,
while still leaving some room to stay with TLS 1.2.

Yours,
Daniel

On Fri, Sep 27, 2019 at 1:12 PM Eric Rescorla <ekr@rtfm.com> wrote:

> Perhaps we could rewrite this text so that it reflects that we think this
> is non-ideal?
>
>
>
> On Fri, Sep 27, 2019 at 9:16 AM Salz, Rich <rsalz@akamai.com> wrote:
>
>>
>>
>> On 9/26/19, 11:51 PM, "Martin Thomson" <mt@lowentropy.net> wrote:
>>
>>     On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
>>     > >> """The expectation is that TLSv1.2 will continue to be used for
>>     > >> many years alongside TLSv1.3."""
>>     >
>>     > So is your proposed change to only remove that sentence?
>>     > wonder if that change really amounts to a worthwhile thing.
>>
>>     I do.  Or I wouldn't have written the email.  Do you think that this
>>     is a valuable statement?  I think that it says that the IETF lacks
>>     confidence in the suitability of TLS 1.3 as a replacement for TLS 1.2.
>>
>> It is a statement of real-world deployment.  I am against removing it.
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>