Re: [TLS] Adoption call for Deprecating Obsolete Key Exchange Methods in TLS

Martin Thomson <mt@lowentropy.net> Fri, 30 July 2021 00:35 UTC

Date: Fri, 30 Jul 2021 10:34:55 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eEAGsTZVbAFMeOE16Es2Ze_FgmQ>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Fri, Jul 30, 2021, at 07:50, Joseph Salowey wrote:
> This is a working group call for adoption of Deprecating Obsolete Key
> Exchange Methods in TLS (draft-aviram-tls-deprecate-obsolete-kex-00
> <https://datatracker.ietf.org/doc/draft-aviram-tls-deprecate-obsolete-kex/>).
> There was support for adopting this draft at the IETF 111 meeting.
> Please review the draft and post your comments to the list by Friday,
> August 13, 2021.

Yep, let's do it.  There were comments suggesting that this wasn't going to work for some deployments yet.  That's OK, that's how this works: we decide to deprecate, discuss and publish a document, then people get to work out how they change their deployments.  If we don't take that first step, then in many ways things don't get better.  Adopting this is that first step and a good idea.