[TLS] Products supporting TLS 1.0 & some other high-level questions

Watson Ladd <watsonbladd@gmail.com> Mon, 06 October 2014 02:22 UTC

Date: Sun, 5 Oct 2014 19:22:21 -0700
Message-ID: <CACsn0c=kDE1mS_jksKtrOOgWLgcocB+chBsdsFZggSJZDvwhwg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_ZsUWutc_suX-h40oSobtvQcZuk
Subject: [TLS] Products supporting TLS 1.0 & some other high-level questions
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>

Is the preferred path:
- Adoption of TLS 1.3
- Adoption of TLS 1.2 + session_hash fix
- Indefinite support for TLS 1.0 plus multiple, not widely deployed fixes?

The answer to this question affects how complex we force minimal
implementations of TLS 1.3 to be.

The other high-level question is tying to X509. The current draft
requires the server and client to be identified by X509 certificates.
While this repeats what previous versions have done, X509 is not a
perfect match for all uses.

Sincerely,
Watson Ladd