Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Ben Smyth <research@bensmyth.com> Tue, 01 December 2020 05:52 UTC

From: Ben Smyth <research@bensmyth.com>
Date: Tue, 01 Dec 2020 06:52:12 +0100
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Keith Moore <moore@network-heretics.com>, last-call@ietf.org, draft-ietf-tls-oldversions-deprecate@ietf.org, tls-chairs@ietf.org, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nA_XFY8_lx0R2cEiP8H36vpiZH0>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

I haven't followed all the nuances of this discussion, but it seems to boil
down to use of "MUST NOT" when certain "EXCEPTIONS MAY" exist for private
enterprise running legacy kit, which makes decision makers anxious, since
they don't want responsibility for something they "MUST NOT" do: A solution
might be to introduce "MUST NOT...EXCEPTIONS MAY" language, thereby
allowing sectors to define their standards/principles/expectations.