Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt

Eric Rescorla <ekr@rtfm.com> Fri, 13 July 2018 12:36 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50C4C130FF3 for <tls@ietfa.amsl.com>; Fri, 13 Jul 2018 05:36:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xNIfuhva1uPV for <tls@ietfa.amsl.com>; Fri, 13 Jul 2018 05:36:21 -0700 (PDT)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D103E130FFA for <tls@ietf.org>; Fri, 13 Jul 2018 05:36:20 -0700 (PDT)
Received: by mail-yw0-x22b.google.com with SMTP id j68-v6so11672066ywg.1 for <tls@ietf.org>; Fri, 13 Jul 2018 05:36:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UuY24UJEvCzZWwiUVljEXbPityhYVanfr/LyztnKM1c=; b=up+z+FKBzw1K0fxC1Ysq188tO38hdpgkB0Fuem/Fw7pIy56tZs6hwkJV6OlBdXNYH2 1pp0zxeeAkmrNhm8jiq2lypCTK1JUg2sZ3uibAMQs3UVzfKvvWGad3N1/R5mR0Rqpenc zfbWu2cDwOuSngp+YYUaLO/LH84HjViCsPNCFn/w5SMX/3d8H2AQgfn/lh6ZbVJ1vY7A XBHKEx6xyx6WTQId+vACHuSCXhTx1K9iF/uSSospn0YXpRt1SCG58nUdAVUmJCjk5wD6 ofcTZF1KQ1RQBR5umgLE/GMH+fPhZTp3k0EWR2F5tQmJIlv8lWsVlPyNogMFbfXnyCak 0ODA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UuY24UJEvCzZWwiUVljEXbPityhYVanfr/LyztnKM1c=; b=nftt7sQ2XxQJAN1qauDa87qio0oAUkEb7gP+/58nCpNGopBofO6rVmJ9LpQvMJ4UjS OTOkGrW5TNcqX/ECC34pVDEQLc28+PxGeIE8GVg6uUAeMCqRLQVWKU1wc3KC79jjCfej /3qBvGa4eyq9TClSbHw7tJwOaCbPADxN+OUg6FyGeekh+cz/XVn2NspvSuLU3vlw90rQ bDLmaSkIKv9suTa1OMlff9nIhFhDvkDuLyiNdfhoqGd8L5eM4exwSUW+gsgS9S4b6+H9 9z9G6PAztGwE8B9IFdioFIBKnY21L59JpYAX2kclz0dnHhjDfKLcABSckrjfqgki/jUj TifA==
X-Gm-Message-State: AOUpUlH3Wcj7hDltlEyG4JAeJ2Y58xH+F1hFTs9cC3mLY6aTusgyc84t KZZwLlxC44bkr0TgSqptcDHZskU8gYK3i+KYjAXeaQ==
X-Google-Smtp-Source: AAOMgpdNX2DwIH0eaPNSJKoCfPekovnC4CcNeLZUOQ3AnDrmgIq+Ii5Q1TJyWXUIHejmhzdBjQmRvtTHeFjbN2setHk=
X-Received: by 2002:a0d:f2c7:: with SMTP id b190-v6mr3085468ywf.489.1531485380054; Fri, 13 Jul 2018 05:36:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a81:6b83:0:0:0:0:0 with HTTP; Fri, 13 Jul 2018 05:35:39 -0700 (PDT)
In-Reply-To: <CAPsNn2VoZqfEyviHr8wivHv2iACsySb--E1ogzxJ9v7FGTdM7Q@mail.gmail.com>
References: <152934875755.3094.4484881874912460528.idtracker@ietfa.amsl.com> <CAHbuEH5J-F2cKag02Vx416jsy1N6XZOju28H99WAt71Pc5optg@mail.gmail.com> <CABcZeBN4RPt_=zu-PTPeaYbQ4KxC8DAf=a7359pZDjYavpxecw@mail.gmail.com> <CABcZeBMzweULuOfxe_Dp7n6M7Lt77_1Qq92=KzfmuBeShUSCDQ@mail.gmail.com> <CY4PR21MB0774BE80A4424D41D0C8C4138C440@CY4PR21MB0774.namprd21.prod.outlook.com> <CAPsNn2U-WqPM-Tqun4NQkhy+ctpkdjkXj_dFurChKDB3f=WqRA@mail.gmail.com> <2ad88b61-aa3c-88d4-dfef-bcd78eeeeeca@cs.tcd.ie> <CAPsNn2UyQMEnS7y-Vgpt7j7c_z38OyhPgguvD7m54yVT013u6g@mail.gmail.com> <e669c670-fa21-4df2-4098-4e0eb218f4b5@cs.tcd.ie> <CAPsNn2VoZqfEyviHr8wivHv2iACsySb--E1ogzxJ9v7FGTdM7Q@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 13 Jul 2018 05:35:39 -0700
Message-ID: <CABcZeBNR0nNdRba+DTy5DG9=f8VPRFvkBFEQtMVxQj9cukCGnA@mail.gmail.com>
To: nalini elkins <nalini.elkins@e-dco.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000ea7010570e0ba77"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/e5K65Vd2H7UD2PqkJyepskMST5A>
Subject: Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2018 12:36:32 -0000

On Fri, Jul 13, 2018 at 5:24 AM, nalini elkins <nalini.elkins@e-dco.com>;
wrote:

> Stephen,
>
> Sorry for the late reply.   I was travelling to Montreal from India and
> was jet lagged.
>
> >
> >> I am thinking the following:
> >>
> >> Location: U.S. / Canada (possibly U.K.)
> >>
> >> -  3 banks (hopefully from the top 5)
> >> -  3 large insurance companies  (includes back end processing)
> >> -  3 U.S. federal government agencies
> >> -  3 companies in the Wall Street / Stock brokerage sector (includes
> back
> >> end processing)
> >> -  3 large credit card / processors (ex. Visa, Discover, MasterCard,
> etc.)
> >> -  3 in the retail sector (Home Depot, Target, Lowes, et al)
>
> >Those are pretty small numbers unless they're interacting with
> >a lot of TLS services. It'd be hard to know if they'd be
> >representative of something or not if they're anonymised in the
> >results.
>
> I would expect that these people would have quite a few applications
> using TLS.   Telnet, FTP, MQSeries, SMTP, and many written by the
> organization itself.
>
> What numbers do you feel WOULD be representative?
>
> > I'd encourage you to try get people to be open about
> > things here - there's no particular shame in having 10% TLSv1.0
> > sessions after all:-)
>
> It isn't a question of shame but it is just a bit too much information
> to provide a potential adversary.  That is, to say that Stock Exchange XYZ
> has n% of TLS1.0 clients provides a potential attacker too much
> information.
>

Well, this seems like it is primarily true due to deficiencies in TLS 1.0
or the software running it, in which case so much the more reason
to recommend updating.


 As I say, most organizations that I know are trying very hard
> to migrate from older versions.  It is not as simple as it might seem.
>
> If the organizations need to be identified by name, then I think this will
> be a show stopper for any kind of data that I might be able to provide.
> Having said that, I completely understand (and share) your distrust of
> anonymous data.   I am at a loss as to how to proceed.
>

As I said earlier, I don't think the deployment fraction is that relevant
here.

The question of whether the IETF should deprecate TLS 1.2 is primarily
one we should make based on the technical merits of the older protocol
versions compared to TLS 1.2. Given that we know that 1.2 is more
secure and that 1.0 has serious deficiencies, it seems like the two next
questions are:

1. Are there respects in which TLS 1.2 is not an adequate replacement
for TLS 1.0? I think the answer here is pretty much no. [0]
2. Is the deployment of TLS 1.2 so low that it's just silly to tell people
to
cut over. That's clearly not true in the Web environment, though perhaps
it's true in some other environment. However, that would be a number
more like 30% TLS 1.0 rather than 5-10%. Is the number that high?

Absent those things, then it's a sensible recommendation for the
IETF to make.

-Ekr

[0] This is less obvious for TLS 1.3 in that we removed features with
low usage.




> I am open to any constructive suggestions.
>
> Thanks,
> Nalini
>
>
> On Wed, Jul 11, 2018 at 5:50 AM, Stephen Farrell <
> stephen.farrell@cs.tcd.ie>; wrote:
>
>>
>> Hiya,
>>
>> On 11/07/18 06:45, nalini elkins wrote:
>> >  Stephen,
>> >
>> >> I'd love to add more detail like that and/or more sections for other
>> > protocols if folks have data to offer with references.
>> >
>> > I believe that I can reach out to various people I know.   Please
>> comment
>> > if my methodology is acceptable and if you think this will be helpful.
>>
>> It's not whether the methodology is acceptable to me or not
>> but whether or not the references to the numbers are credible
>> for readers:-)
>>
>> A few comment below,
>>
>> >
>> > I am thinking the following:
>> >
>> > Location: U.S. / Canada (possibly U.K.)
>> >
>> > -  3 banks (hopefully from the top 5)
>> > -  3 large insurance companies  (includes back end processing)
>> > -  3 U.S. federal government agencies
>> > -  3 companies in the Wall Street / Stock brokerage sector (includes
>> back
>> > end processing)
>> > -  3 large credit card / processors (ex. Visa, Discover, MasterCard,
>> etc.)
>> > -  3 in the retail sector (Home Depot, Target, Lowes, et al)
>>
>> Those are pretty small numbers unless they're interacting with
>> a lot of TLS services. It'd be hard to know if they'd be
>> representative of something or not if they're anonymised in the
>> results. I'd encourage you to try get people to be open about
>> things here - there's no particular shame in having 10% TLSv1.0
>> sessions after all:-)
>>
>> >
>> > Note: I put in "back end processing" because these are the folks that
>> most
>> > often have many connections to other business partners and so in some
>> ways
>> > have the most complex systems to deal with.
>> >
>> > Note #2:  This is aspirational!  I hope I can get all these people to
>> > cooperate.  I will try at least to get some in each category.
>> >
>> >
>> > I will ask them the following questions:
>> >
>> > 1.  How many applications do you have?  (This may end up being only the
>> > mission critical ones as otherwise it may be too hard to obtain.)
>>
>> I'm not sure that's so interesting for this question. And I'm not
>> sure that different people would count things as applications in
>> the same way.
>>
>> > 2.   How many are using TLS and how many are still plain text?  (We will
>> > disregard SSH and other such variants.)
>>
>> Again, that's not so interesting here.
>>
>> > 3.   What percent of clients are using a pre-TLS1.2 version?  (This
>> will be
>> > an estimation.
>> I don't see why this needs to be estimated, this is kinda the key
>> measurement needed and easy to measure. There should be no need for
>> anyone to stick their thumb in the air for this:-)
>>
>> It'd be good to distinguish TLSv1.0 from TLSv1.1 (and SSLv3 and
>> TLSv1.3) and to say for how many TLS sessions or hosts/IPs the
>> figures apply.
>>
>> And of course providing as much context as possible so that it's
>> possible to understand the numbers and whether or not the numbers
>> from different sources are based on the same or different kinds of
>> measurement.
>>
>> >
>> > 4.   Do you have an active project to migrate off of older versions of
>> TLS?
>>
>> Sure.
>>
>> >
>> > 5.   What do you estimate your percent of clients using pre-TLS1.2
>> versions
>> > to be next year?
>>
>> I don't see how this'd be so useful. Aaking about the historic and
>> current rates of change of use of the various protocol versions would
>> be good though if people have that, but they may not.
>>
>> S.
>>
>> >
>> >
>> > Please let me know if this will be of use & if you have suggestions for
>> > improvement.
>> >
>> > Thanks,
>> > Nalini
>> >
>> >
>> >
>> >
>> > On Tue, Jul 10, 2018 at 1:51 PM, Stephen Farrell <
>> stephen.farrell@cs.tcd.ie>;
>> > wrote:
>> >
>> >>
>> >> Hi Nalini,
>> >>
>> >> On 10/07/18 04:50, nalini elkins wrote:
>> >>> It would be nice to see some of this reflected in the draft rather
>> than
>> >>> only statistics on browsers.   The real usage of these protocols is
>> far
>> >>> more complex.
>> >>
>> >> I didn't have time before the I-D cutoff but have since
>> >> added a section on mail to the repo pre-01 version. (See
>> >> [1] section 3.2.) I'd love to add more detail like that
>> >> and/or more sections for other protocols if folks have
>> >> data to offer with references.
>> >>
>> >> Consistent with other folks' numbers sent to the list
>> >> yesterday, (though based on a much smaller sat of data I
>> >> guess;-) my data shows 10.6% use of TLSv1.0 when talking
>> >> SMTP/IMAP/POP (or HTTP) over TLS to a population of ~200K
>> >> IP addresses that listen on port 25 (mail servers).
>> >>
>> >> What I don't currently have is a rate of change for that
>> >> figure. I think that rate of change is the important number
>> >> for figuring out what to do in the next while. E.g. The
>> >> WG might conclude that if the percentage of TLSv1.0 is
>> >> moving down nicely, we should be a bit patient. If it's
>> >> not moving at all, we can probably move now or in 5 years
>> >> without that being different. If we're not sure, then get
>> >> more data...
>> >>
>> >> Cheers,
>> >> S.
>> >>
>> >> [1]
>> >> https://github.com/sftcd/tls-oldversions-diediedie/blob/mast
>> >> er/draft-moriarty-tls-oldversions-diediedie.txt
>> >>
>> >
>> >
>> >
>>
>
>
>
> --
> Thanks,
> Nalini Elkins
> President
> Enterprise Data Center Operators
> www.e-dco.com
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>