Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 02 May 2019 17:03 UTC

References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <2EF7433E-DB94-497F-80D7-2A060097261B@dukhovni.org>
In-Reply-To: <2EF7433E-DB94-497F-80D7-2A060097261B@dukhovni.org>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 2 May 2019 13:02:38 -0400
Message-ID: <CAHbuEH551KJDkUMV3QRS426ecnqFiM7xHZ1rt3gCCRhbFY7tZg@mail.gmail.com>
To: IETF TLS WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_LsoJLlldThQyoG_sPzfpSEbilk>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Viktor,

Thank you very much for your work and for pushing the points on uses of TLS
outside of the web, as this is an important point.

On Thu, Apr 25, 2019 at 9:30 PM Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> > On Apr 12, 2019, at 7:28 PM, Christopher Wood <caw@heapingbits.net> wrote:
> >
> > This is the working group last call for the "Deprecating TLSv1.0 and
> > TLSv1.1" draft available at:
> >
> > https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
> >
> > Please review the document and send your comments to the list by April
> > 26, 2019.
>
> My concern is whether the time is yet nigh for TLS 1.0 to be disabled
> in opportunistic TLS in SMTP, or whether TLS 1.0 remains sufficiently
> common to cause deprecation to do more harm than good via unnecessary
> downgrades to cleartext.
>
> I don't have survey numbers for SMTP TLS protocol versions across MTAs
> generally to shed light on this, perhaps someone does.  What I do have
> is numbers for those MTAs (not a representative sample) that have DANE
> TLSA records (so presumably a greater focus on security).
>
> The observed version frequencies are approximately:
>
>         TLS 1.0:  1%
>         TLS 1.1:  0%
>         TLS 1.2: 87%
>         TLS 1.3: 12%
>
> essentially regardless of whether I deduplicate by name, IP or name and IP.
> The respective sample sizes are 5435, 6938 and 7959.
>
> So if a DANE-enabled sender were to disable TLS 1.0 today, approximately
> 1% of the destination MX hosts would be broken and need remediation.  These
> handle just of 189 mostly small SOHO domains out of the ~1.1 million total
> DANE SMTP domains, but four handle enough email to show up on the Gmail
> SMTP transparency report:
>
>   tu-darmstadt.de
>   t-2.net
>   t-2.com
>   t-2.si
>
> So on the whole, the draft should proceed, but some caution may be
> appropriate outside the browser space, before operators start switching
> off TLS 1.0 support.
>
> I don't see an operational considerations section.  Nor much discussion of
> "less mainstream" (than Web browser) TLS application protocols.  Would a
> few words of caution be appropriate, or is it expected that by the time
> the RFC starts to change operator behaviour the "market share" of TLS 1.0
> will be substantially lower than I see today even with SMTP, XMPP, NNTP
> and the like?
>
> [ I would speculate that TLS 1.0's share is noticeably higher among MTAs
>   generally than among the bleeding-edge MTAs that have published DANE TLSA
>   RRs. ]
>

My take on deprecation drafts is that once published, they take time
(years) before there is compliance.  Even with that, we may never achieve
full compliance and older version use continues. We do know that OpenSSL
will continue to support the version that came out last fall for 5 years
from that point in time.  Publication of the draft does not mean support
goes away at that point in time, but provides another push.  If there's a
strong feeling that text should be added, we could, but my preference would
be to leave it to the normal process for deprecation.

Thank you,
Kathleen


> --
>         Viktor.
>


-- 

Best regards,
Kathleen
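To make Viktor's measurement concrete, here is an added Python example (not code from the thread or from either author) that tallies TLS version shares over a set of MX observations deduplicated by name, by IP, and by name and IP, and then lists the hosts a TLS 1.2 floor would break. The hostnames, addresses and versions below are constructed sample data, not the survey from the thread.

```python
from collections import Counter

# Constructed sample: one row per (MX hostname, IP, highest TLS version negotiated).
# Hypothetical names and RFC 5737 addresses; not data from the thread.
SAMPLE = [
    ("mx1.example.org", "192.0.2.10", "TLS 1.3"),
    ("mx1.example.org", "192.0.2.11", "TLS 1.3"),     # same name, second IP
    ("mx2.example.org", "192.0.2.10", "TLS 1.3"),     # same IP, second name
    ("mail.example.net", "198.51.100.5", "TLS 1.2"),
    ("mail.example.net", "198.51.100.5", "TLS 1.2"),  # duplicate observation
    ("smtp.example.com", "203.0.113.7", "TLS 1.2"),
    ("old.example.com", "203.0.113.9", "TLS 1.0"),
    ("legacy.example.com", "203.0.113.9", "TLS 1.0"),
]

VERSION_ORDER = ["TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"]

def dedupe(rows, key):
    """Collapse observations by 'name', 'ip' or 'both', keeping the highest version seen."""
    keyf = {"name": lambda r: r[0], "ip": lambda r: r[1], "both": lambda r: (r[0], r[1])}[key]
    best = {}
    for row in rows:
        k = keyf(row)
        if k not in best or VERSION_ORDER.index(row[2]) > VERSION_ORDER.index(best[k][2]):
            best[k] = row
    return list(best.values())

def version_shares(rows, key):
    """Return ({version: percent}, sample size) over the deduplicated sample."""
    hosts = dedupe(rows, key)
    counts = Counter(v for _, _, v in hosts)
    n = len(hosts)
    return {v: round(100.0 * counts[v] / n, 1) for v in VERSION_ORDER}, n

def would_break(rows, min_version="TLS 1.2"):
    """(name, ip) pairs whose best version is below the floor.  A plain opportunistic
    sender would fall back to cleartext for these; a DANE sender would fail delivery.
    Either way they are the remediation list when a version floor is raised."""
    floor = VERSION_ORDER.index(min_version)
    return sorted({(n, ip) for n, ip, v in rows if VERSION_ORDER.index(v) < floor})

if __name__ == "__main__":
    for key in ("name", "ip", "both"):
        shares, n = version_shares(SAMPLE, key)
        print(f"dedup by {key:4s} (n={n}): {shares}")
    print("below TLS 1.2 floor:", would_break(SAMPLE))
```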