Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 10 May 2019 06:04 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C3C7120170 for <tls@ietfa.amsl.com>; Thu, 9 May 2019 23:04:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k6BsNbxK2xj2 for <tls@ietfa.amsl.com>; Thu, 9 May 2019 23:04:30 -0700 (PDT)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 431CD12015D for <tls@ietf.org>; Thu, 9 May 2019 23:04:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1557468271; x=1589004271; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=CnKi7oMuWTD8AyXkPGpnk7ZkDjWpGLbLhjh7wosnACA=; b=lLRYvB8IKh8vC7wJgFO4dE159BbPOS8RH5L19ZEjdD5xXFtnKqC1KrXy 9YB9ZVXBgQX5msbLQPU5HFgCjPXD3Tr6J0V5fNF8R1/9EnqzFZ13lb19g 1no+uJtfla7MrfaevTlKVkDYIDDZZB3uUS0MvfMMxDU4awmjHqoljbr73 tjKx5FWQD8uo+N1rnEYDqbxgyDRmpCSnEZQo1/hhBUQrOvzwHpVeuf2RX kIl1CdvwA176r518S1JeSVsXdAwvQeJvfejhNAAjLdlJs/zrOXiFSUKEe H6Yj0clRkCEdXGW8lqUSXWIIXocp+sBF5FiNXrYJev/9SUJe2qhkb7IVO w==;
X-IronPort-AV: E=Sophos;i="5.60,452,1549882800"; d="scan'208";a="61500013"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.8 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-ogg-e.UoA.auckland.ac.nz) ([10.6.2.8]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 10 May 2019 18:04:25 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-e.UoA.auckland.ac.nz (10.6.2.8) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 10 May 2019 18:04:24 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Fri, 10 May 2019 18:04:23 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Hubert Kario <hkario@redhat.com>, "mrex@sap.com" <mrex@sap.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
Thread-Index: AQHU+8+QtjVLqWiyz0WqN1BpourjtKZM43YAgADkD4CAAGW4gIADRbgAgAMrEACAA/7YAIAAIz4AgAR6F4CAANPyAIAAvI2AgADfaICAAidXgIAA2c2AgAFJXos=
Date: Fri, 10 May 2019 06:04:23 +0000
Message-ID: <1557468257899.11927@cs.auckland.ac.nz>
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <4282272.YYoj4h4VMi@pintsize.usersys.redhat.com> <20190508003157.11F3B404C@ld9781.wdf.sap.corp> <14984380.sTCEapK0kV@pintsize.usersys.redhat.com>, <20190509222449.9C553404C@ld9781.wdf.sap.corp>
In-Reply-To: <20190509222449.9C553404C@ld9781.wdf.sap.corp>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mBp61X6M3bkUtYufQvCQq7dBhXM>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2019 06:04:33 -0000

Martin Rex <mrex@sap.com> writes:

>What *WOULD* provide *HUGE* benefit, would be to remove the dangerous
>"protocol version downgrade dance" from careless applications, that is the
>actual problem known as POODLE, because this subverts the cryptographic
>procection of the TLS handshake protocol.

Is there anything apart from web browsers that engage in this silliness?  I've
never seen it, it's always just "connect with the one true protocol version
and suite" and that's it.

Now admittedly that might be TLS 1.0 with RSA key exchange being selected as
the one true protocol suite (in 2019!), but at least they don't do a downgrade
dance.

>And PLEASE stop unconditionally bashing SHA-1

+1.  It goes well beyond TLS, I've had some totally inane arguments with
people who just seem to want to repeat "SHA-1 bad! SHA-1 bad! SHA-1 bad!"
without being able to explain why it's bad when questioned, i.e. there's no
actual attack possible.  It's a problem when used with long-term signatures
like certs.  It's typically not a problem when used with anything else.

Peter.