Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Joe Abley <jabley@hopcount.ca> Wed, 02 December 2020 17:24 UTC

Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Keith Moore <moore@network-heretics.com>, Eliot Lear <lear@cisco.com>, last-call@ietf.org, tls@ietf.org, draft-ietf-tls-oldversions-deprecate@ietf.org, tls-chairs@ietf.org
To: Bill Frantz <frantz@pwpconsult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Z0RXhkMDHUQF5W3A7hiKBHB4cq8>

Hi Bill,

On Dec 2, 2020, at 11:23, Bill Frantz <frantz@pwpconsult.com> wrote:

> I would like to have a few more examples of "Can't be taken out of production".
> 
> One I think I can address are heart pacemakers. These are imbedded in the patients' chests. Upgrading them requires surgery. However, they have a limited lifespan due to their batteries running down, I think we're talking about 10 years or so, so there is a time where upgrade is practical.

I am not an expert in pacemakers, but in 2017 the US FDA found that a particular type of implanted pacemaker was vulnerable to an exploit that was considered serious enough to do something about.

https://www.fda.gov/medical-devices/safety-communications/firmware-update-address-cybersecurity-vulnerabilities-identified-abbotts-formerly-st-jude-medicals

The devices were not replaced through surgery by the manufacturer, St Jude Medical, but instead upgraded in-place using what I have seen described as an RF-based, 3-minute procedure, during which time the device operates in "backup mode". The number of deployed devices that were recommended to be upgraded was estimated by the FDA to be 465,000.

This may not be the example you are looking for.


Joe