Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
Töma Gavrichenkov <ximaera@gmail.com> Mon, 06 May 2019 11:40 UTC
Return-Path: <ximaera@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43F7F120119 for <tls@ietfa.amsl.com>; Mon, 6 May 2019 04:40:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MTwSFQnrqBFI for <tls@ietfa.amsl.com>; Mon, 6 May 2019 04:40:19 -0700 (PDT)
Received: from mail-yw1-xc42.google.com (mail-yw1-xc42.google.com [IPv6:2607:f8b0:4864:20::c42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CF1E120021 for <tls@ietf.org>; Mon, 6 May 2019 04:40:19 -0700 (PDT)
Received: by mail-yw1-xc42.google.com with SMTP id w18so10032888ywa.12 for <tls@ietf.org>; Mon, 06 May 2019 04:40:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=TUvcegDMFlc6ofBgKNqRREaXN25F2lhRYaXc1V7VT+k=; b=KynlqxrAyRjOUebH71y/4oOiuzNkkJ0ehWJTkGqbGQrV4VU0We6s2A28FajYYkkPuO D4agk5K0tuxDnTlTDu1nBGGSNx78oK4F+bRYHszFiMuaKnp5hs/gMN48Bz3nGExzmzGz 0syfqkBSFOyOP1Kw/Oy/Nlf7emVCQD6sKZJXlWlLNr1A6TGtUyEjoqKzu4aRDUXX57wC cnwNTZfZKyhGogJIxODYn3dlycwbnSouyTkqevx86ND8VCoBQVAeItLl3OLSeSKAJixk OEC9DYviIqOB3KfaTt/4wBoHZ57krWu9u4vl17U4wnge8n+ICc/g68qV3+fquKQTt7tV TvwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=TUvcegDMFlc6ofBgKNqRREaXN25F2lhRYaXc1V7VT+k=; b=GUGDmMvOFtnCC+We5xH4z/RyQMtP4zxAgoZRarCk0Io1TKQFo7DmYZHdIo4XFdXqMH S8x1RmuXTRG5YbFXZIbsfW/1MKAiJMfG1C8ej4d4YFfzm1EaENnOZ9LOB8zqxycjUnnA 5/EO647EwJeykg3bN0aEEXjtu/cwjvMkO6Itf0gDeEjGtDX2a5q6kHvVPOaIJTINrMhc ajB1mkF4KZwG26BR7nriNxy9l2J8LXmZz2uwKEZxRhcQgMtfezAjrX+CH0r5YhKcQyEm AM/zNdziKS/HoExU0FSyVCE/tQtln6bwT4ymikKDT9RotOtOTLt3pQRSlHKpwtxv6vCO 8TrA==
X-Gm-Message-State: APjAAAVZ5G+AlW7t5Q5GGbqefaS1mJvq0hJsWj8k4tmPBSA1nA/konkO F6Hgl2QsG5UXDfUIWaOi87dCyyWRZsYlAbAbPwG1Zko0
X-Google-Smtp-Source: APXvYqxfAkoybGoj/ij5UFOmy7JqPC7uI0MrRZ/TpfHSsUr96FUMhE7P8AcrmX+aa/LPKTTUGy9vHRa7tY28pVzWupg=
X-Received: by 2002:a81:8842:: with SMTP id y63mr16621926ywf.178.1557142818325; Mon, 06 May 2019 04:40:18 -0700 (PDT)
MIME-Version: 1.0
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <7d37f7ca-e253-4c95-9cf7-2d16b0b6a0aa@www.fastmail.com> <20190430234952.21F5C404C@ld9781.wdf.sap.corp> <5441930.X76MtM1CnQ@pintsize.usersys.redhat.com> <1556902416424.28526@cs.auckland.ac.nz> <20190503172022.GH4464@akamai.com> <1556904629782.23087@cs.auckland.ac.nz>
In-Reply-To: <1556904629782.23087@cs.auckland.ac.nz>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Mon, 06 May 2019 14:39:52 +0300
Message-ID: <CALZ3u+YXzXyJ0WaPtLK10=+hBCdG5Hz72bpatbakP1idHQxung@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qoi1KsqyClsgq3AFTfn9dFBo_BY>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2019 11:40:21 -0000
On Fri, May 3, 2019 at 8:31 PM Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: > why not also add MUST NOT MD5 and SHA1 in TLS 1.2 to the text? Because the document has now such a direct and ambitious title that ~most of the target audience won't even read the text beyond the title, hence this message won't be delivered. This is exactly the trick (but with exactly the opposite sign) PCI SSC performed three years ago when they published the document called "Migrating from SSL and Early TLS, version 1.1" and the general public widely believed that the document deprecated TLS 1.1 while what it literally meant under "Early TLS" was ultimately TLS 1.0. Only the *document version* was 1.1, but it was enough for quite a lot of people who sometimes didn't even read the document at all but rather sticked to short summaries by Arstechnica, The Register and the likes (who, in turn, quite frequently don't read documents carefully themselves). Might play well though if the title is changed. -- Töma
- [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1" Christopher Wood
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Watson Ladd
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Thomson
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… John Mattsson
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Maarten Aertsen (NCSC-NL)
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Stephen Farrell
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Gary Gapinski
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Daniel Migault
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Viktor Dukhovni
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Loganaden Velvindron
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Töma Gavrichenkov
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Salz, Rich
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Viktor Dukhovni
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Roland Zink
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Thomson
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Christopher Wood
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Viktor Dukhovni
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Töma Gavrichenkov
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Thomson
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Benjamin Kaduk
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Viktor Dukhovni
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Eric Rescorla
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Thomson
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Töma Gavrichenkov
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Benjamin Kaduk
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Viktor Dukhovni
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Viktor Dukhovni
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… David Benjamin
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Thomson
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… David Benjamin
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Kathleen Moriarty
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Hubert Kario
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Christopher Wood
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Martin Rex
- Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1… Peter Gutmann