Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

Michael D'Errico <mike-list@pobox.com> Tue, 13 October 2020 19:09 UTC

Message-Id: <263ebc32-e908-4e41-a8d8-37e88da970ee@www.fastmail.com>
In-Reply-To: <20201013183420.GB83367@kduck.mit.edu>
References: <20200726212223.GY41010@kduck.mit.edu> <CAHbuEH6YV5HyqEV7DbO=_-9yFEHTS3Q7nH_t=ap_xwzGK=vMWw@mail.gmail.com> <20200813175413.GY92412@kduck.mit.edu> <B1F480D7-437B-48E1-969A-D30D3598CF9D@sn3rd.com> <20201013183420.GB83367@kduck.mit.edu>
Date: Tue, 13 Oct 2020 15:09:15 -0400
From: "Michael D'Errico" <mike-list@pobox.com>
To: "TLS List" <tls@ietf.org>
Cc: draft-ietf-tls-oldversions-deprecate.all@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/f4yYVc0dfZ0KmDO41LSwn_pVpHg>
Subject: Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

I know that saying this will have no effect, but I'd
rather see deprecation of just TLS 1.0 and retain
version 1.1 as not recommended.

Also, we should not abandon RFC 7507 (downgrade
protection SCSV).  What harm is there in keeping it
around?  None.

Mike