Re: [TLS] Fixing TLS

"Salz, Rich" <rsalz@akamai.com> Wed, 13 January 2016 13:16 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FBD01ACE14 for <tls@ietfa.amsl.com>; Wed, 13 Jan 2016 05:16:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p2FlRx1YenM3 for <tls@ietfa.amsl.com>; Wed, 13 Jan 2016 05:16:34 -0800 (PST)
Received: from prod-mail-xrelay06.akamai.com (prod-mail-xrelay06.akamai.com [96.6.114.98]) by ietfa.amsl.com (Postfix) with ESMTP id 78D561ACD57 for <tls@ietf.org>; Wed, 13 Jan 2016 05:16:34 -0800 (PST)
Received: from prod-mail-xrelay06.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id D6AED16CA75; Wed, 13 Jan 2016 13:16:33 +0000 (GMT)
Received: from prod-mail-relay08.akamai.com (prod-mail-relay08.akamai.com [172.27.22.71]) by prod-mail-xrelay06.akamai.com (Postfix) with ESMTP id C0DC016CA1A; Wed, 13 Jan 2016 13:16:33 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1452690993; bh=WzeybjlwgjRStAKm0o5/+qBJWH6199zVKXEitaFnq7g=; l=174; h=From:To:Date:References:In-Reply-To:From; b=YNb8k/tQ1kwge3oFkGXsK8eEqdZVJbh1/MOSoQ2oQsEZifKhFh6ZNgEUaoigToJRn ayqmGRniE0pmB+3Oxv+vnRtm4MGvC5PJu7nokj5iS4ajwPhWM3e0bGf4tWY1X450KK TuK1X1x+jR4J8R/pbtBWCsR0o4sHL/k8qsn/7CDY=
Received: from email.msg.corp.akamai.com (usma1ex-cas3.msg.corp.akamai.com [172.27.123.32]) by prod-mail-relay08.akamai.com (Postfix) with ESMTP id 9D9EF98082; Wed, 13 Jan 2016 13:16:33 +0000 (GMT)
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Wed, 13 Jan 2016 05:16:32 -0800
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1076.000; Wed, 13 Jan 2016 08:16:33 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Hubert Kario <hkario@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Fixing TLS
Thread-Index: AdFNQhHrFy3mVBx6TGiPN32I/iztzQARGeWAABC3dwAAAK0nAAAVryGAAAFiWoAACPG4oA==
Date: Wed, 13 Jan 2016 13:16:32 +0000
Message-ID: <94395a3c029c493eb491eb3db90e3ed1@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <9A043F3CF02CD34C8E74AC1594475C73F4BC6849@uxcn10-5.UoA.auckland.ac.nz> <9A043F3CF02CD34C8E74AC1594475C73F4BC727B@uxcn10-5.UoA.auckland.ac.nz> <CACsn0ckao2wyptscLq1feQUWyPkkHm6mmarF=7roWv8vGAZkxA@mail.gmail.com>, <1697088.4ma2uCFsM4@pintsize.usersys.redhat.com> <9A043F3CF02CD34C8E74AC1594475C73F4BC7853@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4BC7853@uxcn10-5.UoA.auckland.ac.nz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.32.81]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ib62gN0T1Cuhqo9NcSaerpGHAtI>
Subject: Re: [TLS] Fixing TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2016 13:16:35 -0000

> TLS needs an LTS version that you can just push out and leave to its own
> devices

So don't you have that with TLS 1.1 and appropriate cipher and option choices?