Re: [TLS] Robert Wilton's No Objection on draft-ietf-tls-oldversions-deprecate-11: (with COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Tue, 19 January 2021 11:05 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
CC: "draft-ietf-tls-oldversions-deprecate@ietf.org" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 19 Jan 2021 11:05:12 +0000
Message-ID: <MN2PR11MB4366EA869AD607318271B876B5A30@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <161047526945.13931.15375970322889859402@ietfa.amsl.com> <c40b9838-b8fc-5cb7-126b-fc39d1112e2c@cs.tcd.ie>
In-Reply-To: <c40b9838-b8fc-5cb7-126b-fc39d1112e2c@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hbjPvDvMkdqSwziMyXBlA-VNOi4>


> -----Original Message-----
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Stephen Farrell
> Sent: 12 January 2021 21:35
> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org>
> Cc: draft-ietf-tls-oldversions-deprecate@ietf.org; tls-chairs@ietf.org; tls@ietf.org
> Subject: Re: [TLS] Robert Wilton's No Objection on draft-ietf-tls-oldversions-deprecate-11: (with COMMENT)
> 
> 
> Hiya,
> 
> On 12/01/2021 18:14, Robert Wilton via Datatracker wrote:
> > Robert Wilton has entered the following ballot position for
> > draft-ietf-tls-oldversions-deprecate-11: No Objection
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
> >
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Thank you for purging the old versions of TLS.
> 
> Thanks for trudging through it! :-)
> 
> >
> > There is one sentence in the abstract that I found surprising (if it is right).
> >
> > The abstract states: "TLSv1.2 has been the
> >     recommended version for IETF protocols since 2008, providing
> >     sufficient time to transition away from older versions."
> >
> > Should this be "minimum recommended version"?  Otherwise, I don't understand
> > why the recommended version of TLS is 1.2 rather than 1.3 (given that the TLS
> > 1.2 RFC is marked as obsolete).
> 
> I see what you mean.
> 
> I guess s/has been/became/ would do it? The point isn't so
> much what the current recommended version is/was but more
> that it's been a dozen years since it was TLSv1.1.
[RW] 

Yes, s/has been/became/ helps, but I still think that it implies that TLS 1.2 is the current recommended version of TLS.

Perhaps something along the lines of:

"TLSv1.2 became the recommended version for IETF protocols in 2008 (now obsoleted by TLSv1.3 in 2018), providing sufficient time to transition away from older versions."

Regards,
Rob


> 
> 
> Cheers,
> S.
> 
> 
> 