Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05

Rob Sayre <sayrer@gmail.com> Tue, 08 October 2019 13:26 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E8721201E0; Tue, 8 Oct 2019 06:26:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UenE6PMcN2hv; Tue, 8 Oct 2019 06:26:08 -0700 (PDT)
Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7766B12004E; Tue, 8 Oct 2019 06:26:05 -0700 (PDT)
Received: by mail-io1-xd34.google.com with SMTP id n197so36332718iod.9; Tue, 08 Oct 2019 06:26:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zOobsmqO9NhGhJtcVUvhYg2tt53FSwIU/q2TMmShYeQ=; b=BYSdOmF1Xp4NN/fe5D2XodSv3Nz0gjBv99IH2HA/ZDMclpdOR4ckCloGTyl6AFO21a kEDYihSmTj576X+qGba58o2cjy9fLz0U+lvDjEpQs00scFXuS++6Y5U/ysTNSsZAPsjw 4egj+TNketOfegxS3FA3XGuebEME2LcP8NxvlhqPWQed/VI/4TSc3GjQKQr/NVI9Nrpc PAcV5oKWVp/3GxRL8UOeQ1wEKajYGR9VibJKKWuEUEDripfSIcDcA9PHCmOiCVz6irpO dutvxRm7UdtPaVFtFhsaYSQP44xigqQQVI4jHt7WNmYdAvKpkaKh5GU/vR2hoIavsM93 SNLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zOobsmqO9NhGhJtcVUvhYg2tt53FSwIU/q2TMmShYeQ=; b=lhxjphuJAPwxNtoHY7uCEr2T+Sl14D22hbm7GfmxT/Pae3Y4vzujVrUvC+wYv4UCwB saaJMoqn+urkeDOvE7YG01ZTAbMib6esftLrZG2xuGcdv0mGX/AefRYGIfuuD4B1ht6w Mc5e2ECJ+U1AEopunT9b9ut7nPAtqX5S6zoB+k05u50iEppKodT172x0QYh3W0Wh+eFp c3dj+cmkVSG5MqWZWnhJuMvZYY5zC7Z73oggTjfu+uJA2Nr4Q3YciJDNMEqLFqs8rIzS WPi+uzVpx0Tof/scMebA5VHq33it6sh/1I0l5QFUus5PDNS9e/VrcxTCVnSrAlPWpYXA 85Pw==
X-Gm-Message-State: APjAAAXD4lqU95DOps7RfNsCW/wTQBwb9qCqWIucdzHvWnWOuqhO7DIV qWghbT9bhRRTnRGiJFJwinwDGow83S51HHOeeB0=
X-Google-Smtp-Source: APXvYqw5T7l7NgMpLZSi6T3nePr/oZjU9lzcbd4YCBtNwUX4UIl0hAOqGXGwD7zwPOfX6q1MP0bD4GtJ5wZU4xsSsAk=
X-Received: by 2002:a5e:8902:: with SMTP id k2mr2199988ioj.49.1570541164552; Tue, 08 Oct 2019 06:26:04 -0700 (PDT)
MIME-Version: 1.0
References: <00C5D54E-40C7-4E95-AD2D-9BC60D972685@sn3rd.com> <5bcf3b7c-5501-70f0-4ce7-384f885c39e7@cs.tcd.ie> <6F040DD1-C2E2-4FD2-BB37-E1B6330230BD@ericsson.com> <149BDA3C-14CF-459F-90D4-5F53DBEF9808@iii.ca> <CAChr6Sx4AVjkoKWiD2-cT2ZBNg=mKzeOX603gVs0f7vQ_FgN7A@mail.gmail.com> <CABcZeBNOVOBifOSnWdxSDTLizUUUn6ctLrBT43CHK+4B7KWGiQ@mail.gmail.com> <CAChr6SzT3GqmidPbmVjmrZX=u1UpBee4e8K2C-zHuNHEqgB7uQ@mail.gmail.com> <CABcZeBOGjPYy9FaOzaf-bHKaoMtXpO0SjQO5RTx9fMUo3r8vUg@mail.gmail.com> <CAChr6SwjdhpL2jQgNVjjuLosa8ycZEi9rGHuZ=K8=ToRy-gfJw@mail.gmail.com> <858a91dc-eb59-de20-4abb-7845d55f8a1b@cs.tcd.ie> <20191008120506.GF76545@kduck.mit.edu>
In-Reply-To: <20191008120506.GF76545@kduck.mit.edu>
From: Rob Sayre <sayrer@gmail.com>
Date: Tue, 8 Oct 2019 20:25:51 +0700
Message-ID: <CAChr6SyhpUWoyhDiCp-UQ49HYVK-=Mk8DdXSpcAGK9hm+p00MQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Eric Rescorla <ekr@rtfm.com>, Sean Turner via Datatracker <noreply@ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>, IESG Secretary <iesg-secretary@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000037e8890594661c4f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dmaFINV_oyn-czMMWjn1nZly2uI>
Subject: Re: [TLS] Publication has been requested for draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2019 13:26:10 -0000

On Tue, Oct 8, 2019 at 7:05 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> it's largely up to the sponsoring AD.
>

Is that true? I'm not sure which procedure you're describing.

At any rate, I think one issue is with the abstract
of draft-ietf-tls-oldversions-deprecate:

"This document also deprecates Datagram TLS (DTLS) version 1.0 [RFC6347]
(but not DTLS version 1.2, and there is no DTLS version 1.1).
This document updates many RFCs that normatively refer to TLSv1.0 or
TLSv1.1 as described herein.  This document also updates RFC 7525 and hence
is part of BCP195."

What it doesn't do is state that it updates RFCs that normatively refer to
DTLS 1.0 and/or DTLS 1.2. It seems like it should, since RFC 6347 states:
"Implementations that speak both DTLS 1.2 and DTLS 1.0 can interoperate
with those that speak only DTLS 1.0 (using DTLS 1.0 of course), just as TLS
1.2 implementations can interoperate with previous versions of TLS...".

Although I favor deprecating DTLS 1.0 conclusively and thoroughly, there is
an argument for eliding DTLS entirely
in draft-ietf-tls-oldversions-deprecate, NIST SP800-52r2 explicitly states
that it doesn't cover DTLS, but that document is the only citation in the
"Support for Deprecation" section of draft-ietf-tls-oldversions-deprecate.

Updating in-flight documents to avoid citing soon-to-be-deprecated TLS RFCs
is something I expect Area Directors to be doing. It's a predictable
problem.

thanks,
Rob