Re: [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

tom petch <daedulus@btconnect.com> Tue, 10 November 2020 11:30 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, last-call@ietf.org
References: <160496076356.8063.5138064792555453422@ietfa.amsl.com> <5FAA69AB.4090802@btconnect.com> <754d1831-e44f-0299-dcd1-24a311e8c442@cs.tcd.ie>
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, tls-chairs@ietf.org, draft-ietf-tls-oldversions-deprecate@ietf.org, tls@ietf.org
From: tom petch <daedulus@btconnect.com>
Message-ID: <5FAA79E6.4060401@btconnect.com>
Date: Tue, 10 Nov 2020 11:30:46 +0000
In-Reply-To: <754d1831-e44f-0299-dcd1-24a311e8c442@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_T6K5lMPKghZVo6V-Mg1tfhnaE8>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On 10/11/2020 11:18, Stephen Farrell wrote:
>
> Hiya,
>
> On 10/11/2020 10:21, tom petch wrote:
>> I am confused about the treatment here of DTLS.
>>
>> The Abstract seems clear about the proposed action for TLS but then
>> the second paragraph has
>> " This document also deprecates Datagram TLS (DTLS) version 1.0
>> (RFC6347)"
>>
>> Mmmm, really?
>
> Sorry, I don't understand the comment. If you're just teeing
> up what's below that's fine, but I wasn't sure.

Try looking at the I-D References and see what you find for RFC6347 and 
see if you want to deprecate it!

>> There is a list of current RFC that Normatively reference the
>> deprecated versions of DTLS and TLS; and then a list of obsolete RFC
>> that Normatively reference TLS but for DTLS...?  I look, for example,
>> for RFC5953 which is
>> obsolete and which Normatively references DTLS 1.0 but without
>> success; nor can I find RFC6353 which is current and which Normatively
>> references DTLS 1.0 (and which is part of a STD - not sure what that
>> does to the Standard)
>
> Could be we missed some references for sure. An early
> version of those lists was produced from a script I wrote
> and those were edited as people commented - I always
> figured we'd make that better when getting comments at
> IETF LC.
>
> Is the gist of your comment then "add 6353 and 5953 to
> the relevant lists" (which'd be fine by me) or that we
> need to do something else/more? (In the latter case, I'm
> not sure what you're suggesting so clarifying that'd be
> good.)

I was not looking for anything missing but, even so, came across these 
two without even looking, so I am suspecting that the algorithm you used 
did not cater for DTLS 1.0, perhaps when it is in combination with TLS 
or some such, as it is in these two cases, and that there will be more 
out there that have been missed.  Perhaps a second look at the algorithm, 
to work out why these got missed, would give a fix on how many more there may be.

Tom Petch


>> And, in several places
>> /supercede/supersede/
>
> One for the RFC editor I guess. But sure, will make 'em
> all the same:-)
>
> Thanks,
> S.
>
>>
>> Tom Petch
>>
>>
>> On 09/11/2020 22:26, The IESG wrote:
>>>
>>> The IESG has received a request from the Transport Layer Security WG
>>> (tls) to
>>> consider the following document: - 'Deprecating TLSv1.0 and TLSv1.1'
>>>    <draft-ietf-tls-oldversions-deprecate-09.txt> as Best Current
>>> Practice
>>>
>>> The IESG plans to make a decision in the next few weeks, and solicits
>>> final
>>> comments on this action. Please send substantive comments to the
>>> last-call@ietf.org mailing lists by 2020-11-30. Exceptionally,
>>> comments may
>>> be sent to iesg@ietf.org instead. In either case, please retain the
>>> beginning
>>> of the Subject line to allow automated sorting.
>>>