Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt

"Salz, Rich" <rsalz@akamai.com> Mon, 09 July 2018 18:42 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
Date: Mon, 09 Jul 2018 18:42:25 +0000
Message-ID: <0222419E-A87A-4781-A981-DA95ADD6A550@akamai.com>
References: <152934875755.3094.4484881874912460528.idtracker@ietfa.amsl.com> <CAHbuEH5J-F2cKag02Vx416jsy1N6XZOju28H99WAt71Pc5optg@mail.gmail.com>
In-Reply-To: <CAHbuEH5J-F2cKag02Vx416jsy1N6XZOju28H99WAt71Pc5optg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_66-sTl8xQCmVQ5PrRiktAXNlDw>
Subject: Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt

FWIW, the next release of OpenSSL is an LTS release and will be supported for five years.  It disables SSLv3 by default, but does enable TLS1.0 and TLS1.1 by default.  (It also includes TLS1.3, nudge nudge RFC editor queue.)

On 7/9/18, 12:42 PM, "Kathleen Moriarty" <kathleen.moriarty.ietf@gmail.com> wrote:

    Hello,
    
    Stephen and I posted the draft below to see if the TLS working group
    is ready to take steps to deprecate TLSv1.0 and TLSv1.1.  There has
    been a recent drop off in usage for web applications due to the PCI
    Council recommendation to move off TLSv1.0, with a recommendation to
    go to TLSv1.2 by June 30th.  NIST has also been recommending TLSv1.2
    as a baseline.  Applications other than those using HTTP may not have
    had the same reduction in usage.  If you are responsible for services
    where you have a reasonable vantage point to gather and share
    statistics to assess usage further, that could be helpful for the
    discussion.  We've received some feedback that has been incorporated
    into the working draft and feelers in general have been positive.  It
    would be good to know if there are any show stoppers that have not
    been considered.
    
    https://github.com/sftcd/tls-oldversions-diediedie
    
    Thanks in advance,
    Kathleen
    
    
    ---------- Forwarded message ----------
    From:  <internet-drafts@ietf.org>
    Date: Mon, Jun 18, 2018 at 3:05 PM
    Subject: New Version Notification for
    draft-moriarty-tls-oldversions-diediedie-00.txt
    To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty
    <Kathleen.Moriarty.ietf@gmail.com>
    
    
    
    A new version of I-D, draft-moriarty-tls-oldversions-diediedie-00.txt
    has been successfully submitted by Stephen Farrell and posted to the
    IETF repository.
    
    Name:           draft-moriarty-tls-oldversions-diediedie
    Revision:       00
    Title:          Deprecating TLSv1.0 and TLSv1.1
    Document date:  2018-06-18
    Group:          Individual Submission
    Pages:          10
    URL:
    https://www.ietf.org/internet-drafts/draft-moriarty-tls-oldversions-diediedie-00.txt
    Status:
    https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
    Htmlized:
    https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
    Htmlized:
    https://datatracker.ietf.org/doc/html/draft-moriarty-tls-oldversions-diediedie
    
    
    Abstract:
       This document [if approved] formally deprecates Transport Layer
       Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves
       these documents to the historic state.  These versions lack support
       for current and recommended cipher suites, and various government and
       industry profiles of applications using TLS now mandate avoiding
       these old TLS versions.  TLSv1.2 has been the recommended version for
       IETF protocols since 2008, providing sufficient time to transition
       away from older versions.  Products having to support older versions
       increase the attack surface unnecessarily and increase opportunities
       for misconfigurations.  Supporting these older versions also requires
       additional effort for library and product maintenance.
    
       This document updates the backward compatibility sections of TLS RFCs
       [[list TBD]] to prohibit fallback to TLSv1.0 and TLSv1.1.  This
       document also updates RFC 7525.
    
    
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    The IETF Secretariat
    
    
    
    -- 
    
    Best regards,
    Kathleen
    
    _______________________________________________
    TLS mailing list
    TLS@ietf.org
    https://www.ietf.org/mailman/listinfo/tls
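Kathleen asks operators with a vantage point to gather usage statistics before TLSv1.0/1.1 are deprecated, and Rich notes that the OpenSSL LTS release still enables both by default, so a server that never set a minimum version may be serving them without anyone noticing. The following is an added example, not code from this thread or from OpenSSL: it tallies negotiated protocol versions from nginx-style access log lines whose log_format is assumed to end with `$ssl_protocol $ssl_cipher` (the log lines and that format are constructed for the example), reports the share of handshakes still on the versions the draft deprecates, and lists which user agents are responsible, which is what you need to know before turning them off.

```python
import re
from collections import Counter

# Constructed sample lines in an nginx-style access log. The assumed
# log_format ends with "$ssl_protocol $ssl_cipher"; nginx/OpenSSL report
# TLS 1.0 as "TLSv1", TLS 1.1 as "TLSv1.1", and so on.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Jul/2018:14:42:26 -0400] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1)" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
203.0.113.11 - - [09/Jul/2018:14:42:27 -0400] "GET /api HTTP/1.1" 200 88 "-" "Java/1.6.0_45" TLSv1 AES128-SHA
203.0.113.12 - - [09/Jul/2018:14:42:28 -0400] "POST /api HTTP/1.1" 200 90 "-" "Java/1.6.0_45" TLSv1 AES128-SHA
203.0.113.13 - - [09/Jul/2018:14:42:29 -0400] "GET / HTTP/1.1" 200 512 "-" "curl/7.61.0" TLSv1.3 TLS_AES_256_GCM_SHA384
203.0.113.14 - - [09/Jul/2018:14:42:30 -0400] "GET / HTTP/1.1" 200 512 "-" "LegacyMonitor/2.1" TLSv1.1 ECDHE-RSA-AES256-SHA
"""

# Versions the draft deprecates (plus SSLv3, which the OpenSSL LTS already disables).
DEPRECATED = {"TLSv1", "TLSv1.1", "SSLv3"}

# Combined-log prefix, then the two trailing TLS fields.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d+ \d+ "[^"]*" "(?P<ua>[^"]*)" '
    r'(?P<proto>\S+) (?P<cipher>\S+)$'
)


def parse_log(text):
    """Yield (protocol, user_agent) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("proto"), m.group("ua")


def summarize(text):
    """Return (count per protocol, share of deprecated handshakes, user agents on old versions)."""
    by_proto = Counter()
    legacy_agents = Counter()
    for proto, ua in parse_log(text):
        by_proto[proto] += 1
        if proto in DEPRECATED:
            legacy_agents[ua] += 1
    total = sum(by_proto.values())
    share = sum(by_proto[p] for p in DEPRECATED) / total if total else 0.0
    return by_proto, share, legacy_agents


if __name__ == "__main__":
    counts, share, agents = summarize(SAMPLE_LOG)
    for proto, n in counts.most_common():
        print(f"{proto:8} {n}")
    print(f"share of handshakes on deprecated versions: {share:.0%}")
    for ua, n in agents.most_common():
        print(f"  still on TLS 1.0/1.1: {ua} ({n})")
```

On a real log the user-agent breakdown is the useful part: a handful of old Java or monitoring clients usually account for nearly all remaining TLS 1.0/1.1 traffic, and those are the owners to contact before raising the server's minimum version.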