[TLS]Re: I-D Action: draft-ietf-tls-tls12-frozen-02.txt

"Salz, Rich" <rsalz@akamai.com> Tue, 20 August 2024 17:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/f62yvLL_4mDEsRzAY46L4QLjakU>

This draft makes the changes described at IETF 120.

Slides: https://datatracker.ietf.org/meeting/120/materials/slides-120-tls-chipping-flakes-from-tls-12-is-still-frozen-00
Minutes: https://datatracker.ietf.org/meeting/120/materials/minutes-120-tls-202407242000-00 (search for "frozen")

I ask the Chairs to start a WGLC.


On 8/20/24, 1:14 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:

Internet-Draft draft-ietf-tls-tls12-frozen-02.txt is now available. It is a
work item of the Transport Layer Security (TLS) WG of the IETF.


Title: TLS 1.2 is in Feature Freeze
Authors: Rich Salz
Nimrod Aviram
Name: draft-ietf-tls-tls12-frozen-02.txt
Pages: 5
Dates: 2024-08-20


Abstract:


TLS 1.2 is in widespread use and can be configured such that it
provides good security properties. TLS 1.3 is also in widespread use
and fixes some known deficiencies with TLS 1.2, such as removing
error-prone cryptographic primitives and encrypting more of the
traffic so that it is not readable by outsiders.


Both versions have several extension points, so items like new
cryptographic algorithms, new supported groups (formerly "named
curves"), etc., can be added without defining a new protocol. This
document specifies that outside of urgent security fixes, no new
features will be approved for TLS 1.2. This prescription does not
pertain to DTLS (in any DTLS version); it pertains to TLS only.


The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls12-frozen/