Re: [TLS] Fwd: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt

nalini elkins <> Wed, 11 July 2018 05:45 UTC

From: nalini elkins <>
Date: Wed, 11 Jul 2018 11:15:28 +0530
To: Stephen Farrell <>


> I'd love to add more detail like that and/or more sections for other
> protocols if folks have data to offer with references.

I believe that I can reach out to various people I know.   Please comment
if my methodology is acceptable and if you think this will be helpful.

I am thinking the following:

Location: U.S. / Canada (possibly U.K.)

-  3 banks (hopefully from the top 5)
-  3 large insurance companies  (includes back end processing)
-  3 U.S. federal government agencies
-  3 companies in the Wall Street / Stock brokerage sector (includes back
end processing)
-  3 large credit card / processors (ex. Visa, Discover, MasterCard, etc.)
-  3 in the retail sector (Home Depot, Target, Lowes, et al)

Note: I put in "back end processing" because these are the folks that most
often have many connections to other business partners and so in some ways
have the most complex systems to deal with.

Note #2:  This is aspirational!  I hope I can get all these people to
cooperate.  I will try at least to get some in each category.

I will ask them the following questions:

1.  How many applications do you have?  (This may end up being only the
mission critical ones as otherwise it may be too hard to obtain.)

2.   How many are using TLS and how many are still plain text?  (We will
disregard SSH and other such variants.)

3.   What percent of clients are using a pre-TLS1.2 version?  (This will be
an estimation.)

4.   Do you have an active project to migrate off of older versions of TLS?

5.   What do you estimate your percent of clients using pre-TLS1.2 versions
to be next year?

Please let me know if this will be of use & if you have suggestions for


On Tue, Jul 10, 2018 at 1:51 PM, Stephen Farrell <>

> Hi Nalini,
> On 10/07/18 04:50, nalini elkins wrote:
> > It would be nice to see some of this reflected in the draft rather than
> > only statistics on browsers.   The real usage of these protocols is far
> > more complex.
> I didn't have time before the I-D cutoff but have since
> added a section on mail to the repo pre-01 version. (See
> [1] section 3.2.) I'd love to add more detail like that
> and/or more sections for other protocols if folks have
> data to offer with references.
> Consistent with other folks' numbers sent to the list
> yesterday, (though based on a much smaller set of data I
> guess;-) my data shows 10.6% use of TLSv1.0 when talking
> SMTP/IMAP/POP (or HTTP) over TLS to a population of ~200K
> IP addresses that listen on port 25 (mail servers).
> What I don't currently have is a rate of change for that
> figure. I think that rate of change is the important number
> for figuring out what to do in the next while. E.g. The
> WG might conclude that if the percentage of TLSv1.0 is
> moving down nicely, we should be a bit patient. If it's
> not moving at all, we can probably move now or in 5 years
> without that being different. If we're not sure, then get
> more data...
> Cheers,
> S.
> [1]
> er/draft-moriarty-tls-oldversions-diediedie.txt

Nalini Elkins
Enterprise Data Center Operators