Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 141E8120803;
 Mon, 11 Nov 2019 14:43:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 7AaoUJ7N9nVB; Mon, 11 Nov 2019 14:43:08 -0800 (PST)
Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com
 [IPv6:2607:f8b0:4864:20::12d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id C45291202A0;
 Mon, 11 Nov 2019 14:43:08 -0800 (PST)
Received: by mail-il1-x12d.google.com with SMTP id i6so13608346ilr.11;
 Mon, 11 Nov 2019 14:43:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=ul/KjuvizhMTBR4OejG+5LweF3UHot/WI12akQvDQQQ=;
 b=NJcVmXQcTuhgv+61euZglJj2AtYIGqUunEgxVHzIyXMkA2lEUN4xaubvBYFAhF1Q6u
 SfpAapaLKjMdR0+5kvEScJFHGJNPR9jgv0U/MSSAMYi3jin3huVmTaW/EAhNcFqUzRZg
 zAiN/xzdI6uUzjSlSvHAvLsPVjDZXG6PAb2zV37WXYCEVCNx0cfKEIB3fNzQfjF30Zob
 wWWFJULgHpkyIapQuqncUtIMhbCkmjxi/+FpYsychNeBuNMWGKk7cifeo3e/Y8WLbH+3
 A5/N3Zu9Vj3QubN8hG0TahA9vMTjJwJKL+l8cUr8gdgzXrZSVEMSiZOMkIfy5+UMP5MF
 W0xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=ul/KjuvizhMTBR4OejG+5LweF3UHot/WI12akQvDQQQ=;
 b=PiekC5oC45KmMdmPmNMoooAS/emq3OL9YgDScMt6KBqqshyZkMJFj0RRrytW0Q7GMn
 IFleOVIxjZdok7h/hnmw8O1woXXKUhUSpwkgjH7rhwkk446JDQ6pEpxicuVCQiNH9Lj1
 fuYKc+YOdl6qLJ0H2OuBGCCjXI1nQziZN0mao12+KCNuwXV2mQwDi22L18oLWjr2G2Ja
 /IK6Gw+bfKT8RsqTjuXA55+L1vYQNAxFgoioNrkK+dlOlwWrPuRZUPD8DCzQnEBq2t70
 1z+OvgHh6bmDAvPFtk2qu3s/1Zw8+XwKmGtYwVdO32ySDVyD1c4Jfe639T89xjHVR/MQ
 wf/Q==
X-Gm-Message-State: APjAAAXm5gD3AFaZ5GvW9jc+S2+P4YRffijZrBKtqS9VzxiTzJyaUCNg
 E6r3Zfon3lSfa1PqTO5LI//jRdwrZL+RAbSbuiY=
X-Google-Smtp-Source: APXvYqw9f004v/gIAGuqQfmSD9EofkGHxK3I6PofVeAj21AaN+9hCA1K+uJhXYyUXodZOWXiwebGFE2Ko9slosbBt7E=
X-Received: by 2002:a92:8388:: with SMTP id p8mr33751778ilk.49.1573512187893; 
 Mon, 11 Nov 2019 14:43:07 -0800 (PST)
MIME-Version: 1.0
References: <20191111195325.GE32847@kduck.mit.edu>
 <0df737cb-4947-4926-2c6d-dd3583356a2c@cs.tcd.ie>
 <D701674A-28EF-4B0B-8F57-6C6B4D83D37A@akamai.com>
In-Reply-To: <D701674A-28EF-4B0B-8F57-6C6B4D83D37A@akamai.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 11 Nov 2019 14:42:56 -0800
Message-ID: <CAChr6Swr8PWN=HHrGfnZ+5_8rd2YyfC7SE2+9tBk2D8DNSQMeg@mail.gmail.com>
To: "Kaduk, Ben" <bkaduk@akamai.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, 
 "draft-ietf-tls-oldversions-deprecate.all@ietf.org"
 <draft-ietf-tls-oldversions-deprecate.all@ietf.org>, 
 "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000025b1f059719db58"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nDhuDUzKZrD9OtpXtwqnl3TN1G8>
Subject: Re: [TLS] preliminary AD review of
 draft-ietf-tls-oldversions-deprecate-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
 <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
 <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Nov 2019 22:43:11 -0000

--000000000000025b1f059719db58
Content-Type: text/plain; charset="UTF-8"

On Mon, Nov 11, 2019 at 12:27 PM Kaduk, Ben <bkaduk@akamai.com> wrote:

> The one concrete one that I remember (and can't attribute to the HTMLized
> version dropping stuff) is RFC 7030 only in the header.
>
> I guess we can check what we want to do to DTLS as well, as RFC 6347 is
> listed as Updates:-ed but that's the DTLS 1.2 spec.  (6347 itself
> confusingly claims in the body text to "update DTLS 1.0 to work with TLS
> 1.2" but has an "Obsoletes: 4347" header.)  I don't see what specifically
> we update in 6347.
>

 I think the text in question is the last paragraph of RFC 6347's
Introduction:

"Implementations that speak both DTLS 1.2 and DTLS 1.0 can
   interoperate with those that speak only DTLS 1.0 (using DTLS 1.0 of
   course), just as TLS 1.2 implementations can interoperate with
   previous versions of TLS (see Appendix E.1 of [TLS12] for details),
   with the exception that there is no DTLS version of SSLv2 or SSLv3,
   so backward compatibility issues for those protocols do not apply."

This draft says "don't interoperate" in this situation.

thanks,
Rob

--000000000000025b1f059719db58
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Mon, Nov 11, 2019 at 12:27 PM Kaduk, B=
en &lt;<a href=3D"mailto:bkaduk@akamai.com">bkaduk@akamai.com</a>&gt; wrote=
:<br></div><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);paddi=
ng-left:1ex">The one concrete one that I remember (and can&#39;t attribute =
to the HTMLized version dropping stuff) is RFC 7030 only in the header.<br>
<br>
I guess we can check what we want to do to DTLS as well, as RFC 6347 is lis=
ted as Updates:-ed but that&#39;s the DTLS 1.2 spec.=C2=A0 (6347 itself con=
fusingly claims in the body text to &quot;update DTLS 1.0 to work with TLS =
1.2&quot; but has an &quot;Obsoletes: 4347&quot; header.)=C2=A0 I don&#39;t=
 see what specifically we update in 6347.<br></blockquote><div><br></div><d=
iv>=C2=A0I think the text in question is the last paragraph of RFC 6347&#39=
;s Introduction:</div><div><br></div><div>&quot;Implementations that speak =
both DTLS 1.2 and DTLS 1.0 can</div>=C2=A0 =C2=A0interoperate with those th=
at speak only DTLS 1.0 (using DTLS 1.0 of<br>=C2=A0 =C2=A0course), just as =
TLS 1.2 implementations can interoperate with<br>=C2=A0 =C2=A0previous vers=
ions of TLS (see Appendix E.1 of [TLS12] for details),<br>=C2=A0 =C2=A0with=
 the exception that there is no DTLS version of SSLv2 or SSLv3,<br>=C2=A0 =
=C2=A0so backward compatibility issues for those protocols do not apply.&qu=
ot;</div><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">Th=
is draft says &quot;don&#39;t interoperate&quot; in this situation.</div><d=
iv class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">thanks,</div>=
<div class=3D"gmail_quote">Rob</div><div class=3D"gmail_quote"><br></div></=
div>

--000000000000025b1f059719db58--