Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt
nalini elkins <nalini.elkins@e-dco.com> Wed, 11 July 2018 05:45 UTC
Return-Path: <nalini.elkins@e-dco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0513126F72 for <tls@ietfa.amsl.com>; Tue, 10 Jul 2018 22:45:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=e-dco-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nVOtrxW-nyLa for <tls@ietfa.amsl.com>; Tue, 10 Jul 2018 22:45:31 -0700 (PDT)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C10EE130DE9 for <tls@ietf.org>; Tue, 10 Jul 2018 22:45:30 -0700 (PDT)
Received: by mail-lf0-x229.google.com with SMTP id f18-v6so4148755lfc.2 for <tls@ietf.org>; Tue, 10 Jul 2018 22:45:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=e-dco-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gQM8aCxbgeWzhupEeM0HI9wzR1CnW3oTb5sElS2V7zM=; b=e4lk1xvY3gY8xaOGI0dSStTANrA2zSIf/2ODy2hleJxo+kEqwAe36HLMK5PEPWIKPO WATXmy9ixLZgM2ycUK/dD3RV0k+qhXliJmg0ptB6jtnSf/u7UTJyeAhkX1JAw+Cxn5Un g6+nrF64A9mrvvTIC58uKcsqjqbFYRbxkYpa8peAD3cKcSAtz36xMvAsg9ns85MYVPz7 m6walaD6p2mSzWGTpEYYW3EX8qCx5yk1X/+GcPpuFETTmQJo4kV/rWUezR/vgs+91dc/ Gz57ArfNPd7NYgGbB+R/ZYtHQERlfNqBVTZ8AxLrMiMzhqqn5DDVNPfzOn71vYFo6eDM 0KRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gQM8aCxbgeWzhupEeM0HI9wzR1CnW3oTb5sElS2V7zM=; b=VjKorELKS3BPPi7EA82yIa/qc7w2p0hTMCFvFdeGuWV3UNcHkBLrAiOvJ1vayLtgxg IAO2eRO97atX7aDVC9lxtBo+MA+IP0aSD3NkdftyAjabHPy3VKrTZwAG55vm6ui0cyv4 cBOxafLPWTmOpwnJq1LcbhzKC2F22Y+jw5w2gFx3Iw1aORPek1HL0d03jJaZGNzQ6v7w D7my75YJLDvidIrM6M0s90lS0e+vSZZqzZ1xGKPOns73yoRjny4J6xpzyBA+/ICtLCEa pJbQERJmhjEX8rnGWIzWPQMlH4CID8xIpjP0iTUpdP/qsHs1Zy5K0E3I9h0ENd0CGeh1 qroQ==
X-Gm-Message-State: APt69E0AGb5WDenq8SP3jM3/95eCVXzBuJ9uUhnB6AgGao8N7PBT3od7 3KdPceGKa6XBLM6jt1fVkk5qi4fQxb0/9s+Neg7DiF1Y
X-Google-Smtp-Source: AAOMgpfI1OJrZdpRGBgtsm8w/Gj5t1CnC+e8cPhGp+PfEDy6Ptqkir8yNyRvSs3AC0JFUWfWp29gCCCUwUEc84XTWz4=
X-Received: by 2002:a19:c301:: with SMTP id t1-v6mr4601508lff.45.1531287928907; Tue, 10 Jul 2018 22:45:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ab3:f8d:0:0:0:0:0 with HTTP; Tue, 10 Jul 2018 22:45:28 -0700 (PDT)
In-Reply-To: <2ad88b61-aa3c-88d4-dfef-bcd78eeeeeca@cs.tcd.ie>
References: <152934875755.3094.4484881874912460528.idtracker@ietfa.amsl.com> <CAHbuEH5J-F2cKag02Vx416jsy1N6XZOju28H99WAt71Pc5optg@mail.gmail.com> <CABcZeBN4RPt_=zu-PTPeaYbQ4KxC8DAf=a7359pZDjYavpxecw@mail.gmail.com> <CABcZeBMzweULuOfxe_Dp7n6M7Lt77_1Qq92=KzfmuBeShUSCDQ@mail.gmail.com> <CY4PR21MB0774BE80A4424D41D0C8C4138C440@CY4PR21MB0774.namprd21.prod.outlook.com> <CAPsNn2U-WqPM-Tqun4NQkhy+ctpkdjkXj_dFurChKDB3f=WqRA@mail.gmail.com> <2ad88b61-aa3c-88d4-dfef-bcd78eeeeeca@cs.tcd.ie>
From: nalini elkins <nalini.elkins@e-dco.com>
Date: Wed, 11 Jul 2018 11:15:28 +0530
Message-ID: <CAPsNn2UyQMEnS7y-Vgpt7j7c_z38OyhPgguvD7m54yVT013u6g@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000d3b710570b2c10e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nGoefE5_e1HQ2L9Je6vsBSVIK9o>
Subject: Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 05:45:34 -0000
Stephen, > I'd love to add more detail like that and/or more sections for other protocols if folks have data to offer with references. I believe that I can reach out to various people I know. Please comment if my methodology is acceptable and if you think this will be helpful. I am thinking the following: Location: U.S. / Canada (possibly U.K.) - 3 banks (hopefully from the top 5) - 3 large insurance companies (includes back end processing) - 3 U.S. federal government agencies - 3 companies in the Wall Street / Stock brokerage sector (includes back end processing) - 3 large credit card / processors (ex. Visa, Discover, MasterCard, etc.) - 3 in the retail sector (Home Depot, Target, Lowes, et al) Note: I put in "back end processing" because these are the folks that most often have many connections to other business partners and so in some ways have the most complex systems to deal with. Note #2: This is aspirational! I hope I can get all these people to cooperate. I will try at least to get some in each category. I will ask them the following questions: 1. How many applications do you have? (This may end up being only the mission critical ones as otherwise it may be too hard to obtain.) 2. How many are using TLS and how many are still plain text? (We will disregard SSH and other such variants.) 3. What percent of clients are using a pre-TLS1.2 version? (This will be an estimation.) 4. Do you have an active project to migrate off of older versions of TLS? 5. What do you estimate your percent of clients using pre-TLS1.2 versions to be next year? Please let me know if this will be of use & if you have suggestions for improvement. Thanks, Nalini On Tue, Jul 10, 2018 at 1:51 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hi Nalini, > > On 10/07/18 04:50, nalini elkins wrote: > > It would be nice to see some of this reflected in the draft rather than > > only statistics on browsers. The real usage of these protocols is far > > more complex. > > I didn't have time before the I-D cutoff but have since > added a section on mail to the repo pre-01 version. (See > [1] section 3.2.) I'd love to add more detail like that > and/or more sections for other protocols if folks have > data to offer with references. > > Consistent with other folks' numbers sent to the list > yesterday, (though based on a much smaller sat of data I > guess;-) my data shows 10.6% use of TLSv1.0 when talking > SMTP/IMAP/POP (or HTTP) over TLS to a population of ~200K > IP addresses that listen on port 25 (mail servers). > > What I don't currently have is a rate of change for that > figure. I think that rate of change is the important number > for figuring out what to do in the next while. E.g. The > WG might conclude that if the percentage of TLSv1.0 is > moving down nicely, we should be a bit patient. If it's > not moving at all, we can probably move now or in 5 years > without that being different. If we're not sure, then get > more data... > > Cheers, > S. > > [1] > https://github.com/sftcd/tls-oldversions-diediedie/blob/mast > er/draft-moriarty-tls-oldversions-diediedie.txt > -- Thanks, Nalini Elkins President Enterprise Data Center Operators www.e-dco.com
- Re: [TLS] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Hubert Kario
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Peter Gutmann
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Eric Rescorla
- Re: [TLS] Fwd: New Version Notification for draft… Peter Gutmann
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Eric Rescorla
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Hubert Kario
- [TLS] raising ceiling vs. floor (was: New Version… Viktor Dukhovni
- Re: [TLS] Fwd: New Version Notification for draft… nalini elkins
- Re: [TLS] Fwd: New Version Notification for draft… Martin Thomson
- Re: [TLS] Fwd: New Version Notification for draft… Martin Rex
- Re: [TLS] Fwd: New Version Notification for draft… Eric Rescorla
- Re: [TLS] Fwd: New Version Notification for draft… Eric Rescorla
- [TLS] Fwd: New Version Notification for draft-mor… Kathleen Moriarty
- Re: [TLS] Fwd: New Version Notification for draft… Loganaden Velvindron
- Re: [TLS] Fwd: New Version Notification for draft… Salz, Rich
- Re: [TLS] Fwd: New Version Notification for draft… Salz, Rich
- Re: [TLS] Fwd: New Version Notification for draft… Alessandro Ghedini
- Re: [TLS] Fwd: New Version Notification for draft… Andrei Popov
- Re: [TLS] Fwd: New Version Notification for draft… Eric Mill
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Peter Gutmann
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Viktor Dukhovni
- Re: [TLS] raising ceiling vs. floor (was: New Ver… David Benjamin
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Peter Gutmann
- Re: [TLS] Fwd: New Version Notification for draft… Viktor Dukhovni
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Hubert Kario
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Phil Pennock
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Hubert Kario
- Re: [TLS] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [TLS] [CAUTION] Re: Fwd: New Version Notifica… Martin Rex
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Peter Gutmann
- Re: [TLS] Fwd: New Version Notification for draft… nalini elkins
- Re: [TLS] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [TLS] raising ceiling vs. floor (was: New Ver… Hubert Kario
- Re: [TLS] Fwd: New Version Notification for draft… Eric Rescorla
- Re: [TLS] Fwd: New Version Notification for draft… Salz, Rich
- Re: [TLS] [CAUTION] Re: Fwd: New Version Notifica… Kathleen Moriarty
- Re: [TLS] Fwd: New Version Notification for draft… Kathleen Moriarty
- Re: [TLS] Fwd: New Version Notification for draft… Kathleen Moriarty
- Re: [TLS] Fwd: New Version Notification for draft… David Benjamin
- Re: [TLS] Fwd: New Version Notification for draft… nalini elkins
- Re: [TLS] Fwd: New Version Notification for draft… Eric Rescorla
- Re: [TLS] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [TLS] Fwd: New Version Notification for draft… Christopher Wood
- Re: [TLS] Fwd: New Version Notification for draft… Yaron Sheffer
- Re: [TLS] Fwd: New Version Notification for draft… Hubert Kario
- Re: [TLS] Fwd: New Version Notification for draft… Jeremy Harris
- Re: [TLS] Fwd: New Version Notification for draft… Artyom Gavrichenkov
- Re: [TLS] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [TLS] Fwd: New Version Notification for draft… Artyom Gavrichenkov