IETF Logo Mail Archive

Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

John Mattsson <john.mattsson@ericsson.com> Tue, 01 October 2019 08:00 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86F5C1200FE for <tls@ietfa.amsl.com>; Tue, 1 Oct 2019 01:00:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORWxE8ICof8J for <tls@ietfa.amsl.com>; Tue, 1 Oct 2019 01:00:14 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0610.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe02::610]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C598F1200FF for <tls@ietf.org>; Tue, 1 Oct 2019 01:00:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jffjc5YNda5cuJK7AWeF1X+W8H/5a6zn+Qo9p1RHPk9ZBWbaehkjSNaGzJLKTaHccydJLnqpv7PYgptl+6HZxq53qFVHq/Hm+Eb/tVNbJSdmUJDV6Sp3gjX4lyl/dfjx7VR7K9+maZ8dh82gjbICUtM2bz1vrzOhpoGGHUno7G/zXbFSQGh6B7o5OfolgUvVMA1MhH6Mt2JNvB0ZvNZFOsN7a3wcBYlrxT24QeoLimBFPOHYBRMv/YXxU6pV9s5zdxtG6uWEs33y88t+ySQS00zIY3chNzr3gnQ86o/Hxt+B356aTwYehjFMq3/MbdolXh5u0G1N24+aOTs4mTh87g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PzikZB7mUqkv7vkm+/BmHm4D+pRpbsgBc/hpff1pFL0=; b=KLC3X6+yXlPfTPiYJg4zuhuZAMByJcVu7BFJxRKx4jtU1t/OUdPEMTqby2LGyHs/WODUz+viXb6lWf6Uk3KaAqNdm3obREeZyIdD1ze80cvgdEZvae5LKTmpdC2GKovgnum/qQTpCh12y4pw8egj+6BncaSMnhVsu7Y0tsGDcStGlWlrgX3V2Q8Lo7PXJb5iQw6tv3Xn3LBYpeRpFwQHqFIJhUiHVSnbOqvFod+eLQqmrsYsherVWT6d8HqGZxxNRtXl2weUXENpu8Lj/7u8qalo+Fi5lfuUsRP/soCDs5tVTsHu9rWmdD/U8V4H8Q7xSYgxZdDXLyyJxHFzmwGUyQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PzikZB7mUqkv7vkm+/BmHm4D+pRpbsgBc/hpff1pFL0=; b=HVBlA4BsUWODqE1uvYY/7rSqXK1yjqdkNjy77jd3ZmnqvYXekO7NWzYe4wNuBsLZ1KN+eAfEwyJf2ApPZpaiQJsyM3jhv899/i4z9HiAMpGVwSUPxcxO5fAa0dVPnVG2zHQYeokvj6G2JqbPJJ8l1+K7VLhviOya8magZ2CzJXU=
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB4316.eurprd07.prod.outlook.com (20.176.168.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.13; Tue, 1 Oct 2019 08:00:11 +0000
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2305.017; Tue, 1 Oct 2019 08:00:11 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Martin Thomson <mt@lowentropy.net>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
Thread-Index: AQHVdMcGqKrsDzXR9ESLhc3TP2SShqdFlHcA
Date: Tue, 01 Oct 2019 08:00:11 +0000
Message-ID: <4DE775B5-B15B-469F-A50C-3DB5B86AA5D4@ericsson.com>
References: <BF5F63A6-105B-47C6-8B65-29A290A16E76@akamai.com> <8B2B78CF-F312-4F7A-8EB1-A712F309A754@gmail.com> <CADZyTknH0ivQc-xW-di1XKC7w-9A5TCF8vhLLCrR9jQbcqY5dw@mail.gmail.com> <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com>
In-Reply-To: <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [192.176.1.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2e08f0af-a661-43ac-53be-08d746456272
x-ms-traffictypediagnostic: HE1PR07MB4316:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <HE1PR07MB43161FEAE1877757955F332F899D0@HE1PR07MB4316.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 0177904E6B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(39860400002)(346002)(396003)(366004)(13464003)(51444003)(199004)(189003)(305945005)(476003)(66446008)(316002)(110136005)(58126008)(76116006)(66946007)(66574012)(44832011)(66556008)(66066001)(26005)(102836004)(7736002)(256004)(53546011)(6506007)(186003)(5660300002)(486006)(76176011)(2616005)(64756008)(11346002)(66476007)(446003)(2906002)(71200400001)(86362001)(36756003)(25786009)(6436002)(99286004)(6306002)(6512007)(966005)(14454004)(71190400001)(2501003)(81166006)(81156014)(8936002)(6246003)(229853002)(6486002)(33656002)(3846002)(478600001)(6116002)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4316; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: RQiT7g816OY//IZCY39p31xnw4HTmzbpirfU9AqemzFbGX/HxCL1fKsISC3BX6Bm2U7slIxz4uBDVvIP52xN8xJEc8EAHR3AUqjBkt1tp/E/afX9aq5MEcou5GMiLY27nWQ0mE/ienLvIMuaMJSaNMp9ShEjwyIxa/zOLWY59pUwOzjpQWNUCQE2SbSwjAa8b1oui4x9lCFG94ozJRZ6R30dPkZPsTOdufCW7msRL0BgllEJ9Mbp1j7g9ILs3xHfi0KOZH5UNNG0yeWXr2AYErM0i/bY7sDqeGi9evWY5TI7cwIIoJ+sLjNZP2mo1Ke0kJTdMZV8uhHdCrHAhi1qHG1hYTpmsoM+r/HZp8KA4RSIzKYSgu49FctPBls3kDhPlO6PIR/E+7nT3iqP9YYMYRMxyZjobYpDSo5VSc4GXobvMNGZ/ZhFRRZ1QTgpwjOFgnpPaHNWHilKeevs1K+d/A==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <93A00A3617709D47AD9F805895FD4BCE@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2e08f0af-a661-43ac-53be-08d746456272
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Oct 2019 08:00:11.3392 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: n1C9xpOe2hnn92YHBsrQDhXJoljYaeKNoV13F2SNKsqeQk2uJu//2jVvw3KoqUYoF3gelLKL1dsD9rnDzSfAuOrrn0Dc3TVYzJHlzfWollw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4316
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dcjMD-wT6Lf23ECcttXInAxuObA>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 08:00:17 -0000

Martin Thomson <mt@lowentropy.net>; wrote:

>When we release a new version of something, we are sending a message:
>
>1. new implementations and deployments MUST include support for newer versions
>2. existing implementations and deployments SHOULD be updated to support newer versions

I agree very much with this summary and I would like to have it published somewhere. Take for example RFC 8261. It was published almost 6 years after RFC 6347 made DTLS 1.0 obsolete and still mandated support for DTLS 1.0 and not DTLS 1.2. I think this is one of the lessons IETF should learn from the TLS 1.0 and TLS 1.1 deprecation. How do we stop this from happening in the future? For an external viewer it must look pretty strange that IETF in Nov 2017 published an RFC relying on DTLS 1.0 and then 7 months later started working on a draft forbidding its use....

I would like to see something like the following statements published:

"New implementations and deployments MUST include support for TLS 1.3"
"Existing implementations and deployments SHOULD be updated to support TLS 1.3"
"Existing implementations and deployments SHALL support TLS 1.3 by January 1, 2024"

>> """The expectation is that TLSv1.2 will continue to be used for many 
>> years alongside TLSv1.3."""
>
>Some people have that expectation, but I think that John is right to challenge it.  >There remain reasons that people are sticking with 1.2 for now, but those reasons >are mostly to do with allowing time to flush out the vestiges of a dependency on >some of the TLS 1.2 idiosyncrasies.

I agree with Martin, and irrespectively of whether it is true or not, I do not see any need to have this sentence in an IETF draft. 

Cheers,
John

-----Original Message-----
From: TLS <tls-bounces@ietf.org> on behalf of Martin Thomson <mt@lowentropy.net>
Date: Friday, 27 September 2019 at 02:03
To: "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

    So I agree with Kathleen's conclusion: not to change the goals of the current document.  But there are changes that I think are necessary (and thanks to Daniel and John for highlighting these).
    
    BTW, I've moved this to the TLS working group, because this is an active topic there and I don't see anything in my email that SAAG needs to concern itself with.
    
    On Fri, Sep 27, 2019, at 01:00, Daniel Migault wrote:
    > My understanding of deprecating of TLS1.0 TLS 1.1 is that: 
    > a) new software do not use these versions 
    > b) existing software stop supporting these versions. 
    
    That differs from my perspective.
    
    When we release a new version of something, we are sending a message:
    
    1. new implementations and deployments MUST include support for newer versions
    2. existing implementations and deployments SHOULD be updated to support newer versions
    
    When we deprecate an old version of something, we are sending a message:
    
    3. only use this old version if you absolutely have to
    4. you are encouraged to take active measures to remove the need to use the old version
    5. you have our support if you decide not to support this old version
    
    Now, "support" from the IETF is about as meaningful as you think it is.  And you can s/MUST/really ought to/ and s/SHOULD/may wish to/ [RFC6919].
    
    In browser-land, we've decided to form a coalition when it comes to removing TLS 1.0/1.1.  3GPP have obviously got their own support group, which seems to be functioning effectively, which is great.
    
    > """The expectation is that TLSv1.2 will continue to be used for many 
    > years alongside TLSv1.3."""
    
    Some people have that expectation, but I think that John is right to challenge it.  There remain reasons that people are sticking with 1.2 for now, but those reasons are mostly to do with allowing time to flush out the vestiges of a dependency on some of the TLS 1.2 idiosyncrasies.
    
    I would advocate for removing this statement and any residue of that sentiment from the draft.  It's speculation and, even if it were true, it conveys the wrong message.  The only message I would include is that one that is further down the document: "Any newer version of TLS is more secure than TLSv1.1."
    
    _______________________________________________
    TLS mailing list
    TLS@ietf.org
    https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email