Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

"Christopher Wood" <caw@heapingbits.net> Sat, 05 October 2019 11:55 UTC

Message-Id: <c3f98e9c-b641-47e4-9665-765189365e2a@www.fastmail.com>
In-Reply-To: <77112123-822b-0aaa-6cc7-159167637916@cs.tcd.ie>
References: <BF5F63A6-105B-47C6-8B65-29A290A16E76@akamai.com> <8B2B78CF-F312-4F7A-8EB1-A712F309A754@gmail.com> <CADZyTknH0ivQc-xW-di1XKC7w-9A5TCF8vhLLCrR9jQbcqY5dw@mail.gmail.com> <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com> <80881fa1-97df-56c9-10c5-f9e754b6cdb6@cs.tcd.ie> <d865244a-9ce8-4d95-b62c-ba52fa198126@www.fastmail.com> <77112123-822b-0aaa-6cc7-159167637916@cs.tcd.ie>
Date: Sat, 05 Oct 2019 04:55:31 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YClKLtIzdVZkwIImqvZaOIDW3yc>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Fri, Sep 27, 2019, at 1:45 AM, Stephen Farrell wrote:
> 
> 
> On 27/09/2019 04:50, Martin Thomson wrote:
> > On Fri, Sep 27, 2019, at 10:52, Stephen Farrell wrote:
> >>>> """The expectation is that TLSv1.2 will continue to be used
> >>>> for many years alongside TLSv1.3."""
> >> 
> >> So is your proposed change to only remove that sentence?
> > 
> > I just checked, and it seems like the only thing the document says
> > along these lines, so yeah.
> 
> Grand so. Like I said I don't think it's a biggie so I've
> commented out that sentence in the GH version. [1]
> 
>  [1]
> https://github.com/tlswg/oldversions-deprecate/blob/master/draft-ietf-tls-oldversions-deprecate.txt
> 
> BTW - for the chairs/AD - how are we doing on getting IETF LC under
> way? I realise the world won't end if this isn't super-fast but it's
> been 3 months since publication was requested which seems like a bit
> of a while.

Sorry, Stephen! I missed this question. It's in Ben's queue at the moment. Hopefully it'll go up to LC soon (and, in my opinion with no hat, with this proposed sentence removal).

Best,
Chris