Re: [TLS] ban more old crap

Martin Thomson <martin.thomson@gmail.com> Sat, 25 July 2015 17:01 UTC

In-Reply-To: <1fd27bd0bb81466ab5fb134acd8b07f4@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <201507221610.27729.davemgarrett@gmail.com> <201507241257.43115.davemgarrett@gmail.com> <2164745.i4WjRk8WKj@pintsize.usersys.redhat.com> <201507241403.14071.davemgarrett@gmail.com> <20150725054622.GK4347@mournblade.imrryr.org> <55B38A47.2010002@cs.tcd.ie> <A6D81D41-6D54-4EA6-ABD3-B3C9EF05D15B@inria.fr> <CABcZeBOwO2tWa37qaNCi0scYZbEu-sCEbPoxTBS-v_Jpiz2uLw@mail.gmail.com> <CABkgnnXKHNcZOBr3CFH9xhmwn_fp2imj0kS-Piw=YXD3LJdcAQ@mail.gmail.com> <1fd27bd0bb81466ab5fb134acd8b07f4@ustx2ex-dag1mb2.msg.corp.akamai.com>
Date: Sat, 25 Jul 2015 19:01:42 +0200
Message-ID: <CABkgnnWasDygVKxU1z57D1nCwECR+BU8+XDyn46_FL0UkVbJdw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/kmfU0bXuSGFG96d0voO_Dp8ffJM>
Cc: ML IETF TLS <tls@ietf.org>
Subject: Re: [TLS] ban more old crap

On 25 July 2015 at 17:48, Salz, Rich <rsalz@akamai.com> wrote:
> "we" meaning browsers.  "we" not being everyone who will use TLS 1.3
>
> Ekr has pointed out a problem; if you connect with a protocol range and proffer RC4, can we do anything about it except point out multiple times that 1.3 servers MUST NOT accept it?
Agreed.  But I'll point out that other users of TLS will likely not be
doing fallback either, so they have to deal with offering what they
support straight up.

Prohibiting RC4 probably won't do anything more than what our existing
efforts are doing already.
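As an added illustration (not from the thread or any cited implementation), this is the server-side consequence of the "1.3 servers MUST NOT accept it" rule the reply refers to: a suite selector that never picks RC4 no matter what the client proffers, and in this example refuses it for pre-1.3 versions too, as RFC 7465 already requires. Cipher-suite code points are IANA values; the client offer below is constructed.

```python
from typing import List, Optional, Sequence

# IANA cipher-suite code points.
TLS_RSA_WITH_RC4_128_MD5 = 0x0004
TLS_RSA_WITH_RC4_128_SHA = 0x0005
TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
TLS_AES_128_GCM_SHA256 = 0x1301

# Protocol version numbers as they appear on the wire.
TLS_1_2 = 0x0303
TLS_1_3 = 0x0304

RC4_SUITES = frozenset({
    TLS_RSA_WITH_RC4_128_MD5,
    TLS_RSA_WITH_RC4_128_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
})

# TLS 1.3 has its own AEAD-only suites; legacy suites are never valid for it.
TLS13_SUITES = frozenset({TLS_AES_128_GCM_SHA256})


def select_suite(client_offer: Sequence[int], server_prefs: Sequence[int],
                 version: int) -> Optional[int]:
    """Return the first server-preferred suite the client also offered,
    or None if nothing acceptable overlaps (the server then aborts).
    RC4 is skipped even if an operator left it in server_prefs."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in RC4_SUITES:
            continue  # never accept RC4, whatever the client proffers
        if version == TLS_1_3 and suite not in TLS13_SUITES:
            continue  # 1.3 only negotiates 1.3-defined suites
        if version < TLS_1_3 and suite in TLS13_SUITES:
            continue  # 1.3 suites are not valid for older versions
        if suite in offered:
            return suite
    return None


def rc4_offered(client_offer: Sequence[int]) -> List[int]:
    """RC4 suites present in a ClientHello; useful for logging which
    clients still proffer RC4 even though the server will never pick it."""
    return sorted(s for s in set(client_offer) if s in RC4_SUITES)
```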