Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Cullen Jennings <fluffy@iii.ca> Fri, 04 October 2019 14:08 UTC

Return-Path: <fluffy@iii.ca>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ED8F120071; Fri, 4 Oct 2019 07:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id es-yW6GlXt4M; Fri, 4 Oct 2019 07:08:07 -0700 (PDT)
Received: from smtp69.iad3a.emailsrvr.com (smtp69.iad3a.emailsrvr.com [173.203.187.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1518012004C; Fri, 4 Oct 2019 07:08:06 -0700 (PDT)
X-Auth-ID: fluffy@iii.ca
Received: by smtp33.relay.iad3a.emailsrvr.com (Authenticated sender: fluffy-AT-iii.ca) with ESMTPSA id 4196B54AC; Fri, 4 Oct 2019 10:08:05 -0400 (EDT)
X-Sender-Id: fluffy@iii.ca
Received: from [10.1.3.91] (d75-155-57-73.abhsia.telus.net [75.155.57.73]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:587 (trex/5.7.12); Fri, 04 Oct 2019 10:08:06 -0400
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com>
Date: Fri, 4 Oct 2019 08:08:04 -0600
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Sean Turner <sean@sn3rd.com>, Sean Turner via Datatracker <noreply@ietf.org>, IESG Secretary <iesg-secretary@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Content-Transfer-Encoding: quoted-printable
Message-Id: <149BDA3C-14CF-459F-90D4-5F53DBEF9808@iii.ca>
References: <156172485494.20653.307396745611384846.idtracker@ietfa.amsl.com> <989F828F-B427-47A6-A114-4EAEA67D43D7@ericsson.com> <CABcZeBOCzwLDEUyiqkDG0Qqaf652_+j1KBsJQJcJk2Lew_9wCw@mail.gmail.com> <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie> <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_40ynKyNN81PYrmRIRzKnQKJ7YA>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Oct 2019 14:08:09 -0000

I do not think you have consensus for that change to WebRTC - it was discussed extensively. I would just leave things as they are. 


> On Oct 2, 2019, at 8:45 AM, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Hi,
> 
> Sean Turner wrote:
>> "You can change the text, but I do not believe it will change the implementations."
> 
> I would much rather have a future proof RFC that forbids negotiation of DTLS 1.0 with the knowledge that some implementations will temporary violate that, than having an RFC that long time in the future allows negotiation and use of DTLS 1.0.
> 
> 
> Eric Rescorla wrote:
>> "result of some pretty extensive discussion and compromising in rtcweb"
> 
> That does not surprise me, but I think that is part of the problem. These things should mainly be decided by the TLS working group. Draft-ietf-rtcweb-security-arch mandated DTLS 1.0 until Nov 2018. That is half a year after the "Deprecating TLSv1.0 and TLSv1.1" draft was submitted and almost 7 years after DTLS 1.0 was made obsolete.
> 
> 
> No matter what is done in this particular case, I think the important thing to discuss is how we avoid drafts that only support obsolete versions of TLS/DTLS in the future. According to my understanding of the comments in the thread "Lessons learned from TLS 1.0 and TLS 1.1 deprecation", both me, Kathleen Moriarty, and Martin Thomson understands obsoleted as:
> 
> "New implementations and deployments MUST include support of the new version".
> 
> If this is not clearly defined somewhere, I think it needs to be specified. If it is specified somewhere, IETF needs to make sure to follow apply it.
> 
> Cheers,
> John 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls