[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
Nick Harper <ietf@nharper.org> Tue, 05 November 2024 19:48 UTC
References: <278163DF-0CB8-472F-84CB-0B8236FEC7C1@sn3rd.com> <231D5F24-E1AE-4F7C-9860-F6B0FF79D6FF@akamai.com>
In-Reply-To: <231D5F24-E1AE-4F7C-9860-F6B0FF79D6FF@akamai.com>
From: Nick Harper <ietf@nharper.org>
Date: Tue, 05 Nov 2024 11:48:02 -0800
Message-ID: <CACcvr=nX=pk+uZMgBomWjaD54aW0KRtbL-voY4-PHCynELZdDw@mail.gmail.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/q7bOw0IvvmbwnYqQn-8BWjMOQCk>
I understand the stated goal of this draft to be to provide a way for hard-to-update endpoints to keep using TLS 1.2 in a secure way. The idea of a document that describes how to safely deploy TLS 1.2 sounds like a good idea, e.g. "use only these cipher suites, require EMS and RI, etc". This draft is not that. This draft makes changes to the TLS handshake protocol, which undermines the goal of supporting hard-to-update endpoints. The two changes made to the protocol are also addressed by RFC 8446. If endpoints need to be updated to support TLS-LTS, it would make more sense to update them to support TLS 1.3 than TLS-LTS.

The rationale section (3.7) of the draft presents two reasons for using TLS-LTS over TLS 1.3. The first is the slow deployment cadence of a new protocol. LTS requires a change to the protocol and deployment of that new change, no different from 1.3. The second reason is fear of the unknown in 1.3: "TLS 1.3 is an almost entirely new protocol. As such, it rolls back the 20 years of experience that we have with all the things that can go wrong in TLS". The 20 years of all the things that can go wrong in TLS were due to unsound cryptographic decisions. The research and analysis that found those 20 years of issues was applied to the design of 1.3 to avoid making the same mistakes. 1.3 doesn't roll back that experience, and we now have over 8 years of experience with 1.3.

I do not support adoption of the draft in this format. If the draft made no changes to the TLS 1.2 protocol and were deployable only through configuration changes (e.g. a fixed list of cipher suites and extensions), I would probably support it.

On Tue, Nov 5, 2024 at 11:02 AM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
> I strongly support adoption.
>
> I do not understand why anyone would be opposed to the IETF making
> deployment recommendations. I can understand why someone might be bothered
> by the implication that *THIS ONE WAY* is the only way to get long-term
> support, especially if it's seen to contradict our encouragement of TLS
> 1.3. But that is an editorial issue that can be easily fixed.
>
> I would like to see this adopted, a short change cycle, and then advanced
> in the same cluster with our TLS 1.2 is frozen document.
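As an added illustration, not part of this thread or of the draft under discussion: the "configuration-only" TLS 1.2 profile the message contrasts with protocol changes, expressed as a Python `ssl` client context pinned to TLS 1.2 with a fixed forward-secret AEAD cipher list, plus a check that no enabled suite falls outside that profile. The cipher string is an assumption chosen here for illustration, not a list taken from the draft, and `ssl` exposes no switch for requiring EMS or RI, so that part of such a profile has to come from the TLS library's own build or policy.

```python
import ssl

# Assumed profile string (illustrative, not from the draft): ephemeral ECDH
# key exchange with AEAD record protection only, anonymous/null suites excluded.
LTS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5"


def build_tls12_context() -> ssl.SSLContext:
    """Client context that negotiates only TLS 1.2 with a fixed cipher list.

    Everything here is ordinary configuration; no handshake change is needed
    on either endpoint, which is the deployment model the message argues for.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(LTS_CIPHERS)
    # No TLS-level compression; refuse renegotiation where the build supports the option.
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)
    # Note: requiring extended_master_secret (RFC 7627) or renegotiation_info
    # (RFC 5746) is not configurable through this module; it is a property of
    # the underlying library's policy, so verify it there.
    return ctx


def policy_violations(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that break the profile (empty list means compliant).

    OpenSSL labels each suite with the lowest protocol version that can carry it
    (e.g. "SSLv3" for AES128-SHA, "TLSv1.2" for GCM suites), so every entry
    other than the TLS 1.3-only ones is negotiable under TLS 1.2 and is checked.
    """
    violations = []
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            continue  # cannot be selected once maximum_version is TLS 1.2
        forward_secret = suite["kea"] == "kx-ecdhe"
        strong_enough = suite["strength_bits"] >= 128
        if not (suite["aead"] and forward_secret and strong_enough):
            violations.append(suite["name"])
    return violations


if __name__ == "__main__":
    hardened = build_tls12_context()
    print("profile violations:", policy_violations(hardened))
```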