Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Yoav Nir <ynir.ietf@gmail.com> Thu, 21 May 2015 22:34 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 774411A0191 for <tls@ietfa.amsl.com>; Thu, 21 May 2015 15:34:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l2lDHOogZH18 for <tls@ietfa.amsl.com>; Thu, 21 May 2015 15:34:13 -0700 (PDT)
Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E03DF1A001D for <tls@ietf.org>; Thu, 21 May 2015 15:34:12 -0700 (PDT)
Received: by wicmx19 with SMTP id mx19so29868908wic.0 for <tls@ietf.org>; Thu, 21 May 2015 15:34:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=3CZw/7Sg3emuV5N5A6wuloRBCpQW7EctA4cr1FVxyZ4=; b=dWeHXobn3SVvXoyKY69NFEHnIoDQraHZWW0gy9U/CBRVg5nCr9BWkbd27gua8t12CU 5c8YgJfP5AnMSqs1AAEDFZ2WvwGQWhnIgRYpLvld/8+QTCxyCcgxvYzX88obSh7BPRX0 LbdsY9Ab2lLrt3vrdSHLr8626LLUgycF7TUchaJYEgsd0I/uCjeD/DhwrAgnQ+zey0oB vJq9DIvr8y3VVFuMY5JYrSi5fxjhH/IB44UruGg41qJ8C+IR/ewAitW71V05po7EJkat Cr+yYLyMJpPIBDkj86NaToohtdFRrJ7ETg0+iCiMNkBprTrE1FyOMwG3ay1sLfNqFDo6 ke7A==
X-Received: by 10.180.107.70 with SMTP id ha6mr1692331wib.20.1432247651691; Thu, 21 May 2015 15:34:11 -0700 (PDT)
Received: from [192.168.1.17] ([46.120.13.132]) by mx.google.com with ESMTPSA id g11sm300781wjr.25.2015.05.21.15.34.10 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 21 May 2015 15:34:10 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <201505211816.42606.davemgarrett@gmail.com>
Date: Fri, 22 May 2015 01:34:08 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <9ED694CA-2271-42DD-B094-55B560B9C76B@gmail.com>
References: <201505211210.43060.davemgarrett@gmail.com> <BLU177-W43B228C6C40A3EFFF6D0AC3C10@phx.gbl> <08521CEE-F00B-40B5-9A91-D290ED56EE67@gmail.com> <201505211816.42606.davemgarrett@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ip7xfr9cq7KlVEZxdIoUfrqwU8w>
Cc: "maray@microsoft.com" <maray@microsoft.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 22:34:14 -0000

> On May 22, 2015, at 1:16 AM, Dave Garrett <davemgarrett@gmail.com>; wrote:
> 
> On Thursday, May 21, 2015 05:50:26 pm Yoav Nir wrote:
>> According to netmarketshare.com Windows XP is still 16% of desktops/laptops (as measured by web traffic). Add some older mac OS X versions and you reach 17%. Even mobile has some older versions. What this is proposing is to require servers to cut all of those off as a pre-requisite to supporting TLS 1.3.
> 
> Windows XP & old Mac OS X users can install Mozilla Firefox or Google Chrome (or one of the browsers based on one). It's just the built in browser that won't work because the vendor dropped support.

And you are proposing that we force them to do this? Worse, you are proposing that we deputize all server operators in forcing them to replace their browser?