IETF Logo Mail Archive

Re: [TLS] How are we planning to deprecate TLS 1.2?

Kenneth Vaughn <kvaughn@trevilon.com> Fri, 03 March 2023 19:24 UTC

Return-Path: <kvaughn@trevilon.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06FFAC14CF1D for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 11:24:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=trevilon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CZ_VuMznYw9X for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 11:23:58 -0800 (PST)
Received: from tre.trevilon.com (tre.trevilon.com [198.57.226.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47981C14CEE4 for <tls@ietf.org>; Fri, 3 Mar 2023 11:23:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=trevilon.com; s=default; h=References:To:Cc:In-Reply-To:Date:Subject: Mime-Version:Content-Type:Message-Id:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Mo+3oa5R+4dktjzhqgoQ7Xe6cKaKtTfPiRsPDI45eOQ=; b=Mmr+fknrxIROjVn/FlYVUDifii eMdPG472dAAJ0thSxOXwq4dXF9xRVVyrdyea8u/NP7McHpaBt2pugsCi6IkxQyzym6C6iylqeQvmM SCMT0/V6TpInxCN2P+2lnBnBo;
Received: from [98.97.177.125] (port=19294 helo=smtpclient.apple) by tre.trevilon.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <kvaughn@trevilon.com>) id 1pYB0W-0008PQ-PR; Fri, 03 Mar 2023 19:23:57 +0000
From: Kenneth Vaughn <kvaughn@trevilon.com>
Message-Id: <BD5AB640-55D5-459B-A5E2-6934E420872F@trevilon.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_840505E8-BE18-4349-A754-6A77B9B29FDA"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Date: Fri, 03 Mar 2023 14:23:55 -0500
In-Reply-To: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
To: Nimrod Aviram <nimrod.aviram@gmail.com>
References: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - tre.trevilon.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - trevilon.com
X-Get-Message-Sender-Via: tre.trevilon.com: authenticated_id: kvaughn@trevilon.com
X-Authenticated-Sender: tre.trevilon.com: kvaughn@trevilon.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ju7E5NQuAcmPzGNo2nKThfcVrd4>
Subject: Re: [TLS] How are we planning to deprecate TLS 1.2?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Mar 2023 19:24:02 -0000

+1 on the idea, but I am not convinced that the proposed process is sufficient (and/or terms are not adequately clear). 

It seems to me that the time "for everyone to upgrade" will be dependent upon market factors related to the technology being replaced as well as with the severeness of the problem and the nature of the environment. In particular, I would generally expect that there might be different timelines for:
1. The new version being supported by newly purchased implementations
2. The new version being supported by all high-end equipment (e.g., servers) within data centers (i.e., upgrading things that are easy to upgrade)
3. The new version being supported by all equipment within data centers
4. The new version being supported by all high-end equipment installed in the field or mobile devices
5. The new version being supported by all field or mobile devices (e.g., even IoT sensors that use the technology)
6. The old version no longer being enabled

Perhaps part of this was the concept of 1X and 2X because it is unclear why we would allow the use of the old technology if everyone supports the new technology. In any case, I think X is likely to be a variable that has to be established by consensus for each version of each technology (e.g., protocol). However, it might be possible to define a single variable per version while having a standardized formula that customizes the timeline for each of the above, e.g., (based on the item numbers above)
1. 1X
2. 1.5X
3. 1.75X
4. 1.5X
5. 2X
6. 2X

I would assume that all of this would be presented as guidance as I don't think we can dictate what people actually market. This is why I listed item 6 as "enabled" implying that the market could still sell the old technology, but the goal is to make sure it is not being used. 

Regards,
Ken Vaughn

Trevilon LLC
1060 S Hwy 107
Del Rio, TN 37727
+1-571-331-5670 cell
kvaughn@trevilon.com
www.trevilon.com

> On Mar 3, 2023, at 1:17 PM, Nimrod Aviram <nimrod.aviram@gmail.com> wrote:
> 
> Hi Everyone,
> 
> We’ve recently had a brief side discussion around the issue of letting vendors (or operators) know when something is expected to be deprecated:
> https://mailarchive.ietf.org/arch/msg/tls/Djk35kp5P5Z1WfmN8_OJj_eYRLo/
>  <https://mailarchive.ietf.org/arch/msg/tls/Djk35kp5P5Z1WfmN8_OJj_eYRLo/>
> Currently, there is no expected deprecation timeline for any specific primitive or protocol version. As one example, it seems like we plan to deprecate RSA key exchange in TLS 1.2 soon (as part of draft-ietf-tls-deprecate-obsolete-kex). However, so far we did not explicitly communicate this to vendors, and it seems like vendors either have to follow the mailing list and deduce the likelihood of an upcoming deprecation, or face a deprecation RFC at some random point in time (from their point of view).
> 
> And whatever the specifics of RSA key exchange deprecation, this will likely not be the last time we deprecate something :-)
> 
> Specifically, we will have to decide when/if to deprecate version 1.2 of TLS within, say, the next 20 years.
> 
> One possible solution is to publish “expected deprecation timeline” documents:
> Let’s fix some timeframe which “is enough for everyone to upgrade at least once” (famous last words, I know). I think of this timeframe as 3 or 5 years, but it could as well be 8 or 10 years, and this solution would still be viable; let’s denote the number of years as X. So, an “expected deprecation timeline” document could specify that within X years, implementations MUST support TLS 1.3, and within 2X years, implementations MUST NOT support TLS 1.2. (If X=8 years, then we specify that by 2031 implementations MUST support TLS 1.3, and by 2039 implementations MUST NOT support TLS 1.2.) This would clarify the WG’s expectations to vendors, and would save the WG valuable time discussing whether enough implementations in the field support the new protocol/primitive.
> 
> Is there interest here in such a solution?
> 
> Credit where it’s due: This is based on an idea I heard from Dan Bernstein - thanks Dan.
> 
> Best,
> Nimrod
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email