[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
Watson Ladd <watsonbladd@gmail.com> Fri, 22 November 2024 16:46 UTC
To: Andrew Campling <andrew.campling@419.consulting>
CC: TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/npZqElEmva87MOBeZ1ui6x6DXyQ>

On Fri, Nov 22, 2024 at 6:48 AM Andrew Campling <andrew.campling@419.consulting> wrote:
>
> On 22/11/2024, 13:37, Yaron Sheffer yaronf.ietf@gmail.com wrote:
> > > My point was much broader though: the IETF is sending deployers a bunch
> > > of mixed messages, and this is on us as a community.
> > >
> > > RFC 9325 basically tells them: we prefer that you switch to TLS 1.3, but if
> > > you absolutely cannot do that, here’s how you can configure the existing
> > > TLS 1.2 and be secure (as of the time of publication).
> > >
> > > TLS-LTS sends a whole different message of course.
> > >
> > > And then the working group keeps nibbling at TLS 1.2 with documents like
> > > draft-ietf-tls-deprecate-obsolete-kex and the earlier “deprecating”
> > > documents. The KEX document does mention RFC 9325 at one point but
> > > does not say explicitly which of its requirements are new, making it hard
> > > for implementers to navigate our recommendations.
>
> If the consensus view of the working group is that the existing communications have resulted in mixed messages and some confusion, the adoption of TLS LTS could provide a useful vehicle to address that whilst also dealing with the various technical points that Peter has already identified in his draft. By expanding the introduction plus sections 3.7 and 4 (or by adding a new section), it should be possible to communicate clearly to implementers and others the relative positions of TLS 1.2, TLS-LTS and TLS 1.3 with reference RFC 9325 and any other relevant documents etc.

How on earth would providing another incompatible set of suggestions help? No matter what text was in there it would still raise the question of what people should be doing.

>
> Andrew
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org

--
Astra mortemque praestare gradatim