Re: [TLS] preliminary AD review of draft-ietf-tls-oldversions-deprecate-05

Rob Sayre <> Mon, 11 November 2019 22:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 141E8120803; Mon, 11 Nov 2019 14:43:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7AaoUJ7N9nVB; Mon, 11 Nov 2019 14:43:08 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C45291202A0; Mon, 11 Nov 2019 14:43:08 -0800 (PST)
Received: by with SMTP id i6so13608346ilr.11; Mon, 11 Nov 2019 14:43:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ul/KjuvizhMTBR4OejG+5LweF3UHot/WI12akQvDQQQ=; b=NJcVmXQcTuhgv+61euZglJj2AtYIGqUunEgxVHzIyXMkA2lEUN4xaubvBYFAhF1Q6u SfpAapaLKjMdR0+5kvEScJFHGJNPR9jgv0U/MSSAMYi3jin3huVmTaW/EAhNcFqUzRZg zAiN/xzdI6uUzjSlSvHAvLsPVjDZXG6PAb2zV37WXYCEVCNx0cfKEIB3fNzQfjF30Zob wWWFJULgHpkyIapQuqncUtIMhbCkmjxi/+FpYsychNeBuNMWGKk7cifeo3e/Y8WLbH+3 A5/N3Zu9Vj3QubN8hG0TahA9vMTjJwJKL+l8cUr8gdgzXrZSVEMSiZOMkIfy5+UMP5MF W0xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ul/KjuvizhMTBR4OejG+5LweF3UHot/WI12akQvDQQQ=; b=PiekC5oC45KmMdmPmNMoooAS/emq3OL9YgDScMt6KBqqshyZkMJFj0RRrytW0Q7GMn IFleOVIxjZdok7h/hnmw8O1woXXKUhUSpwkgjH7rhwkk446JDQ6pEpxicuVCQiNH9Lj1 fuYKc+YOdl6qLJ0H2OuBGCCjXI1nQziZN0mao12+KCNuwXV2mQwDi22L18oLWjr2G2Ja /IK6Gw+bfKT8RsqTjuXA55+L1vYQNAxFgoioNrkK+dlOlwWrPuRZUPD8DCzQnEBq2t70 1z+OvgHh6bmDAvPFtk2qu3s/1Zw8+XwKmGtYwVdO32ySDVyD1c4Jfe639T89xjHVR/MQ wf/Q==
X-Gm-Message-State: APjAAAXm5gD3AFaZ5GvW9jc+S2+P4YRffijZrBKtqS9VzxiTzJyaUCNg E6r3Zfon3lSfa1PqTO5LI//jRdwrZL+RAbSbuiY=
X-Google-Smtp-Source: APXvYqw9f004v/gIAGuqQfmSD9EofkGHxK3I6PofVeAj21AaN+9hCA1K+uJhXYyUXodZOWXiwebGFE2Ko9slosbBt7E=
X-Received: by 2002:a92:8388:: with SMTP id p8mr33751778ilk.49.1573512187893; Mon, 11 Nov 2019 14:43:07 -0800 (PST)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: Rob Sayre <>
Date: Mon, 11 Nov 2019 14:42:56 -0800
Message-ID: <>
To: "Kaduk, Ben" <>
Cc: Stephen Farrell <>, "" <>, "" <>
Content-Type: multipart/alternative; boundary="000000000000025b1f059719db58"
Archived-At: <>
Subject: Re: [TLS] preliminary AD review of draft-ietf-tls-oldversions-deprecate-05
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Nov 2019 22:43:11 -0000

On Mon, Nov 11, 2019 at 12:27 PM Kaduk, Ben <> wrote:

> The one concrete one that I remember (and can't attribute to the HTMLized
> version dropping stuff) is RFC 7030 only in the header.
> I guess we can check what we want to do to DTLS as well, as RFC 6347 is
> listed as Updates:-ed but that's the DTLS 1.2 spec.  (6347 itself
> confusingly claims in the body text to "update DTLS 1.0 to work with TLS
> 1.2" but has an "Obsoletes: 4347" header.)  I don't see what specifically
> we update in 6347.

 I think the text in question is the last paragraph of RFC 6347's

"Implementations that speak both DTLS 1.2 and DTLS 1.0 can
   interoperate with those that speak only DTLS 1.0 (using DTLS 1.0 of
   course), just as TLS 1.2 implementations can interoperate with
   previous versions of TLS (see Appendix E.1 of [TLS12] for details),
   with the exception that there is no DTLS version of SSLv2 or SSLv3,
   so backward compatibility issues for those protocols do not apply."

This draft says "don't interoperate" in this situation.