IETF Logo Mail Archive

[TLS] Re: Mike Bishop's No Objection on draft-ietf-tls-rfc8446bis-12: (with COMMENT)

Eric Rescorla <ekr@rtfm.com> Mon, 02 June 2025 17:54 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 80DD72FD41FC for <tls@mail2.ietf.org>; Mon, 2 Jun 2025 10:54:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BlgUCknbgCxX for <tls@mail2.ietf.org>; Mon, 2 Jun 2025 10:54:13 -0700 (PDT)
Received: from mail-yb1-xb2b.google.com (mail-yb1-xb2b.google.com [IPv6:2607:f8b0:4864:20::b2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 507972FD41CA for <tls@ietf.org>; Mon, 2 Jun 2025 10:54:13 -0700 (PDT)
Received: by mail-yb1-xb2b.google.com with SMTP id 3f1490d57ef6-e8153867f47so837352276.2 for <tls@ietf.org>; Mon, 02 Jun 2025 10:54:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1748886852; x=1749491652; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/ikmsdMurL04N1/cG93imd+3DLlT24+nuahtBxO1TyA=; b=S6NgCPABa+qMUD23F31KA2wDfbcHEu/AMHgkPQahikwv8y5HvjA7qyiQoWt15m2JIT zKKnoZMaIuq91Wccqkzrh9C0VoQ3O/pahVVAU/mxh6wlPQLiWS2GfYFQfqRz4u08EIlu m2ze+Ra3IshREULUnEW53iXG1oF9I/a5LkaiHJbFYMSDYsPb/wRsShMhDUEddt8rSTBc mUBF8p+pQt5YBDZZ35ph8uxLcxLWV/usOrNMau24efapbw0DUkGwTxpeXBFN1uQC2diS IRddr9KsmBZK7jJoYDNdHwbpbbbT28fIjjrhhGNf8/lB/+j0roSOd2iUvds84LkNKJis 0PjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748886852; x=1749491652; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/ikmsdMurL04N1/cG93imd+3DLlT24+nuahtBxO1TyA=; b=uuld8g88b6Vm/hJgoYNL8bLpdYcx8aVO+HY24jMvFjvM9yZCpafClGPjMGPRUSByjv K8fNlpx+KhK2QH0Wq1lGxTXGmvj76Z+yfWSoeiR/GUEq+V4//5t3YhPftVgXORFY96GX STXgP0J9RJDfwMQk4GluSu7PnDWceJ2jpzsT60HBQCnnUMJjTL+Fol9kkwSiqk7rR4S7 pYQGxQ6bma6UKttV2YJJbQm2jJCGI91xPdmdKkPU4miJbffmAyOJdzawvOKwYGK48QBe KjrxQuDUIHBIxLW3k7389+LOqDwauAmV9AVjdX2y+P0Ymv9WzsiQ9qztGzFP9XJeTWXH zhQw==
X-Forwarded-Encrypted: i=1; AJvYcCVlhMgkgkdFuvlmvc9W8BH5knqm3NfQYNFObx2BRcx/aso9LbmXE9DQ0EBqJGubbI/9Vy4=@ietf.org
X-Gm-Message-State: AOJu0YznTKKW1SLILxAl8IYp10bmQ5JDJ06IdZ/+86DYKruPa3XeX9Tu 31VpdwEGo0jLcjVeeaZAGd+DLlNfNyfM1olC+vaaS0QeRZhzTdUHKzJ20CMIhG6nPbJU7QMF4z8 a/KhEtsuJQqFRGwS6fquTz6lyjjoil9oIX/TOIuaMZQ==
X-Gm-Gg: ASbGncvbXK7cExHPJwPOrayAiD5fYh8W4BoQl4ImmwxvjTvRwlxcXZldKb4Gtj/wxOr z07PJNBAnyFD9VojV0Xix0ln4rMzITme4BJml6aC4aqXjhEp2vhAnGn5QDU4jlUIRZVHVQN+kTP rdjLnl/3TR2ik8rk08170/fnugqbFDOoGLUfklpD+liNxNBA==
X-Google-Smtp-Source: AGHT+IE/pZeNzYtwY6o5FNxrRzqVxLAtYUImaQvGCNStbGI480AMxYpQWDmS3vFWd6U2J8wwPoH7GsUDQHAM43UShBw=
X-Received: by 2002:a05:6902:5407:b0:e7d:caea:ddf9 with SMTP id 3f1490d57ef6-e7f820a009emr16882350276.27.1748886852594; Mon, 02 Jun 2025 10:54:12 -0700 (PDT)
MIME-Version: 1.0
References: <174767061547.310160.15957128808257142354@dt-datatracker-59b84fc74f-84jsl> <CABcZeBOL=4bYocGd_agfCQ0kiYTOYH=Wbbsc2ZoE3SZs52waqw@mail.gmail.com> <IA0PPF726CD7A1FFEE479A7255771147F2ADA62A@IA0PPF726CD7A1F.namprd22.prod.outlook.com> <CABcZeBP-6j5sk6j+ok2zhG_8xfGOt32g52HbNDqq_du7+RiwkQ@mail.gmail.com> <IA0PPF726CD7A1F8D709AF21DEE2740CC86DA62A@IA0PPF726CD7A1F.namprd22.prod.outlook.com>
In-Reply-To: <IA0PPF726CD7A1F8D709AF21DEE2740CC86DA62A@IA0PPF726CD7A1F.namprd22.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 02 Jun 2025 10:53:35 -0700
X-Gm-Features: AX0GCFvliI6NlfO89arS0BiniXBRtnBkeV69dgBn93gV9GtOiB1nKkfJo4IXfv8
Message-ID: <CABcZeBPZU66d4XS8d_h4x+kZ3dHUkK6n9wsivx7yUXkG94zX+A@mail.gmail.com>
To: Mike Bishop <mbishop@evequefou.be>
Content-Type: multipart/alternative; boundary="00000000000099fedb06369a730c"
Message-ID-Hash: 7BNWBGXH2NTHFSYO2TLWVEFXWW5R4UCV
X-Message-ID-Hash: 7BNWBGXH2NTHFSYO2TLWVEFXWW5R4UCV
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, "draft-ietf-tls-rfc8446bis@ietf.org" <draft-ietf-tls-rfc8446bis@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Mike Bishop's No Objection on draft-ietf-tls-rfc8446bis-12: (with COMMENT)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ol16JwOQ6v51kK_t2FqmRJP4xoo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Mon, Jun 2, 2025 at 10:49 AM Mike Bishop <mbishop@evequefou.be> wrote:

> From a real-world perspective, I agree — if servers choose to negotiate
> deprecated protocols, they should at least use the anti-downgrade
> mechanisms we've built. In terms of spec consistency, it feels very odd to
> have 2119 requirements that only apply if you choose to violate the
> requirements we've already stated. So it's a 6919-esque MUST NOT (BUT WE
> KNOW YOU WILL).
>

Well, all of these deprecation RFCs are sort of like that, unfortunately.


>
> RFC8996 acknowledges that there will be a delay between publication of the
> BCP and implementation of the deprecation in the real world; "Adopting the
> practices recommended by this document for any systems that need to
> communicate with the aforementioned class of systems will cause failure to
> interoperate. [Consider the trade-off] when deciding how quickly to adopt
> the recommendations specified in this document." I can certainly understand
> making a similar acknowledgement here, but perhaps stronger language
> warning such implementations that they're straying off the beaten path is
> useful.
>
> Regardless, this is a non-blocking comment, and I'll defer to you, the WG,
> and the responsible AD on exactly how to balance this.
>

Thanks. I'm inclined not to make any changes, but let's see what the WG and
the ADs say.

-Ekr


> ------------------------------
> *From:* Eric Rescorla <ekr@rtfm.com>
> *Sent:* Monday, June 2, 2025 11:35 AM
> *To:* Mike Bishop <mbishop@evequefou.be>
> *Cc:* The IESG <iesg@ietf.org>; draft-ietf-tls-rfc8446bis@ietf.org <
> draft-ietf-tls-rfc8446bis@ietf.org>; tls-chairs@ietf.org <
> tls-chairs@ietf.org>; tls@ietf.org <tls@ietf.org>; sean@sn3rd.com <
> sean@sn3rd.com>
> *Subject:* Re: Mike Bishop's No Objection on
> draft-ietf-tls-rfc8446bis-12: (with COMMENT)
>
> Thanks.
>
> It might help to start with some background. While it's true that the IETF
> has deprecated TLS versions prior to TLS 1.2, we also know that there
> are many sites which support TLS 1.0 and TLS 1.1. [0]
>
> We would still like those implementations to perform anti-downgrade,
> despite
> violating this other MUST. So, I don't think that treating this as a
> historical
> requirement is the right answer.
>
> -Ekr
>
>
> [0] https://www.ssllabs.com/ssl-pulse/
>
>
>
>
>
> On Mon, Jun 2, 2025 at 7:40 AM Mike Bishop <mbishop@evequefou.be> wrote:
>
> Sorry, I should have quoted it. It's
> https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#section-4.1.3-11 in
> the editor's copy:
>
> [RFC8996
> <https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#RFC8996>] and
> Appendix E.5
> <https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#backward-compatibility-security> forbid
> the negotiation of TLS versions below 1.2. However, server implementations
> which do not follow that guidance MUST set the last 8 bytes of their
> ServerHello.random value to the bytes:
>
>   44 4F 57 4E 47 52 44 00
>
> Appendix E.5 states that versions below 1.2 "MUST NOT be negotiated for
> any reason," yet this text then has a MUST-level requirement applying
> exclusively to server implementations which ignore the MUST NOT.
> ------------------------------
> *From:* Eric Rescorla <ekr@rtfm.com>
> *Sent:* Friday, May 30, 2025 10:54 AM
> *To:* Mike Bishop <mbishop@evequefou.be>
> *Cc:* The IESG <iesg@ietf.org>; draft-ietf-tls-rfc8446bis@ietf.org <
> draft-ietf-tls-rfc8446bis@ietf.org>; tls-chairs@ietf.org <
> tls-chairs@ietf.org>; tls@ietf.org <tls@ietf.org>; sean@sn3rd.com <
> sean@sn3rd.com>
> *Subject:* Re: Mike Bishop's No Objection on
> draft-ietf-tls-rfc8446bis-12: (with COMMENT)
>
> Thank you for comments. I have made a PR to address most of these comments:
>
> https://github.com/tlswg/tls13-spec/pull/1385
>
> I am a bit unsure about one comment. Can you point to the offending text
> for the
> comment below:
>
>
> The language around the SCSV for pre-1.2 values feels odd. You MUST NOT
> negotiate older versions, but if you do anyway, you MUST do it this way? I
> would shift this to a description of how clients and servers were required
> to
> behave prior to this revision of 1.3 at most.
>
>

v2.35.0 | Report a Bug | By Email | System Status