IETF Logo Mail Archive

Re: [TLS] How are we planning to deprecate TLS 1.2?

Eric Rescorla <ekr@rtfm.com> Fri, 03 March 2023 18:41 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95E63C1516F2 for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 10:41:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.892
X-Spam-Level:
X-Spam-Status: No, score=-1.892 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnzbmzIg8qJO for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 10:41:00 -0800 (PST)
Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB4ADC14F72F for <tls@ietf.org>; Fri, 3 Mar 2023 10:41:00 -0800 (PST)
Received: by mail-pf1-x429.google.com with SMTP id c4so2208396pfl.0 for <tls@ietf.org>; Fri, 03 Mar 2023 10:41:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; t=1677868860; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=wwFY8/8ZQxfAkNAAAl3tYBtkuS9NoHG/1jUgMroaMXw=; b=VaKdXdkG/KQLkxBd0B1rR742E1iNnQE9KLmNDCeoHx3rq+D3hxrDH9y7U0fWSRX/k4 sy30pGxQz+DbVlNwzjIiLFeEZQyGW5q61LoilixE5CFE6QiNCo/tfa0cU0geEhkprfr/ 2F1KJ7hiUc7G63JH4jF+TN6/nhtseS0xkbs/4PhHOzwsUVDXjS4+TBhoJeKi/PKuS1qu 9OAGgfB4EfUmjEW29vQZTD5Mjl1yGCOt4J444QikI9BM05ebBj5aOsMfo0nx7UmYScAN 8Exj9jzMv9DFF9AXU8O/gW2mZDqhw7y3toIGOpt38kZRrrGcNsCQg/qo+mrC7bs+4g2s hRRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677868860; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wwFY8/8ZQxfAkNAAAl3tYBtkuS9NoHG/1jUgMroaMXw=; b=OnjBlv/AkHwz/TW3aTRZQtWW0baiGpGJMLvbuRaBQTernqk8euuf2IA2H1mhfqrQKF qBaRAkG2Y5kuItWx4m0S+jSkbnivQ/OWDqtfbSSHe9q7qwrfmQ6guxJKL64gR096Crml U7haMl6VFNCj9t+tvSpl9gHPtdq486nYaXV93u9dHp4ccY0uPFS8rGlYpiEmuft1a2vR wmqUYU22I+RIn6Y7BjbcdGFAkN2qMb9UUiY8WtgrGjmfHaby0vaDuWOEyQKq4HnYrGU+ x4njkV3EcMgpcufoPBAWUS3h+I7tJcL04y/Jn/iqpLWgF0QC+ehe7kVT+ck5AllN7DRd b1Lw==
X-Gm-Message-State: AO0yUKXWRxXgHQdUXJ/NCF6xiqebrOxzuD1SK5fQpV5HT4APf2yCiKr2 dLOOxoIteGNbayhz0ENQWZzonR3gfVeIELl+tGjcpSTMyUocgw==
X-Google-Smtp-Source: AK7set8ta19GFo+IsoLsustZR5EbfuJ/aFO6sOQ7BYcHHhxuIsq4Gau5vHDOug6AnJZwX0ZWJ4Pqi5rxVDDIZpJPToo=
X-Received: by 2002:a63:9318:0:b0:503:917e:c0a3 with SMTP id b24-20020a639318000000b00503917ec0a3mr840396pge.2.1677868859670; Fri, 03 Mar 2023 10:40:59 -0800 (PST)
MIME-Version: 1.0
References: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com>
In-Reply-To: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 03 Mar 2023 10:40:23 -0800
Message-ID: <CABcZeBORp+jpXe6pU+7bhn7wXwRuzvCiyjdYMf_nWkwt7jhpDw@mail.gmail.com>
To: Nimrod Aviram <nimrod.aviram@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005c5a5f05f603496b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Z3mUvenjzQQRILYX0Fb7R0ogc9s>
Subject: Re: [TLS] How are we planning to deprecate TLS 1.2?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Mar 2023 18:41:01 -0000

Nimrod,

Thanks for bringing this up. I don't think we really have had much of a
discussion.

I *do* think we should be thinking about deprecating TLS 1.2 at some point,
not so much because
it is bad (though of course we believe TLS 1.3 is better)  but because it's
better to just have
one thing that we work on and not have to reason about/work on TLS 1.2. And
of course, we really
don't want to have to do major work on TLS 1.2, e.g. for Post-Quantum.

I don't have strong feelings about the timeline.

-Ekr




On Fri, Mar 3, 2023 at 10:18 AM Nimrod Aviram <nimrod.aviram@gmail.com>
wrote:

> Hi Everyone,
>
> We’ve recently had a brief side discussion around the issue of letting
> vendors (or operators) know when something is expected to be deprecated:
> https://mailarchive.ietf.org/arch/msg/tls/Djk35kp5P5Z1WfmN8_OJj_eYRLo/
>
> Currently, there is no expected deprecation timeline for any specific
> primitive or protocol version. As one example, it seems like we plan to
> deprecate RSA key exchange in TLS 1.2 soon (as part of
> draft-ietf-tls-deprecate-obsolete-kex). However, so far we did not
> explicitly communicate this to vendors, and it seems like vendors either
> have to follow the mailing list and deduce the likelihood of an upcoming
> deprecation, or face a deprecation RFC at some random point in time (from
> their point of view).
>
> And whatever the specifics of RSA key exchange deprecation, this will
> likely not be the last time we deprecate something :-)
>
> Specifically, we will have to decide when/if to deprecate version 1.2 of
> TLS within, say, the next 20 years.
>
> One possible solution is to publish “expected deprecation timeline”
> documents:
> Let’s fix some timeframe which “is enough for everyone to upgrade at least
> once” (famous last words, I know). I think of this timeframe as 3 or 5
> years, but it could as well be 8 or 10 years, and this solution would still
> be viable; let’s denote the number of years as X. So, an “expected
> deprecation timeline” document could specify that within X years,
> implementations MUST support TLS 1.3, and within 2X years, implementations
> MUST NOT support TLS 1.2. (If X=8 years, then we specify that by 2031
> implementations MUST support TLS 1.3, and by 2039 implementations MUST NOT
> support TLS 1.2.) This would clarify the WG’s expectations to vendors, and
> would save the WG valuable time discussing whether enough implementations
> in the field support the new protocol/primitive.
>
> Is there interest here in such a solution?
>
> Credit where it’s due: This is based on an idea I heard from Dan Bernstein
> - thanks Dan.
>
> Best,
> Nimrod
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email