Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Töma Gavrichenkov <ximaera@gmail.com> Mon, 06 May 2019 11:40 UTC

Return-Path: <ximaera@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43F7F120119 for <tls@ietfa.amsl.com>; Mon, 6 May 2019 04:40:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MTwSFQnrqBFI for <tls@ietfa.amsl.com>; Mon, 6 May 2019 04:40:19 -0700 (PDT)
Received: from mail-yw1-xc42.google.com (mail-yw1-xc42.google.com [IPv6:2607:f8b0:4864:20::c42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CF1E120021 for <tls@ietf.org>; Mon, 6 May 2019 04:40:19 -0700 (PDT)
Received: by mail-yw1-xc42.google.com with SMTP id w18so10032888ywa.12 for <tls@ietf.org>; Mon, 06 May 2019 04:40:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=TUvcegDMFlc6ofBgKNqRREaXN25F2lhRYaXc1V7VT+k=; b=KynlqxrAyRjOUebH71y/4oOiuzNkkJ0ehWJTkGqbGQrV4VU0We6s2A28FajYYkkPuO D4agk5K0tuxDnTlTDu1nBGGSNx78oK4F+bRYHszFiMuaKnp5hs/gMN48Bz3nGExzmzGz 0syfqkBSFOyOP1Kw/Oy/Nlf7emVCQD6sKZJXlWlLNr1A6TGtUyEjoqKzu4aRDUXX57wC cnwNTZfZKyhGogJIxODYn3dlycwbnSouyTkqevx86ND8VCoBQVAeItLl3OLSeSKAJixk OEC9DYviIqOB3KfaTt/4wBoHZ57krWu9u4vl17U4wnge8n+ICc/g68qV3+fquKQTt7tV TvwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=TUvcegDMFlc6ofBgKNqRREaXN25F2lhRYaXc1V7VT+k=; b=GUGDmMvOFtnCC+We5xH4z/RyQMtP4zxAgoZRarCk0Io1TKQFo7DmYZHdIo4XFdXqMH S8x1RmuXTRG5YbFXZIbsfW/1MKAiJMfG1C8ej4d4YFfzm1EaENnOZ9LOB8zqxycjUnnA 5/EO647EwJeykg3bN0aEEXjtu/cwjvMkO6Itf0gDeEjGtDX2a5q6kHvVPOaIJTINrMhc ajB1mkF4KZwG26BR7nriNxy9l2J8LXmZz2uwKEZxRhcQgMtfezAjrX+CH0r5YhKcQyEm AM/zNdziKS/HoExU0FSyVCE/tQtln6bwT4ymikKDT9RotOtOTLt3pQRSlHKpwtxv6vCO 8TrA==
X-Gm-Message-State: APjAAAVZ5G+AlW7t5Q5GGbqefaS1mJvq0hJsWj8k4tmPBSA1nA/konkO F6Hgl2QsG5UXDfUIWaOi87dCyyWRZsYlAbAbPwG1Zko0
X-Google-Smtp-Source: APXvYqxfAkoybGoj/ij5UFOmy7JqPC7uI0MrRZ/TpfHSsUr96FUMhE7P8AcrmX+aa/LPKTTUGy9vHRa7tY28pVzWupg=
X-Received: by 2002:a81:8842:: with SMTP id y63mr16621926ywf.178.1557142818325; Mon, 06 May 2019 04:40:18 -0700 (PDT)
MIME-Version: 1.0
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <7d37f7ca-e253-4c95-9cf7-2d16b0b6a0aa@www.fastmail.com> <20190430234952.21F5C404C@ld9781.wdf.sap.corp> <5441930.X76MtM1CnQ@pintsize.usersys.redhat.com> <1556902416424.28526@cs.auckland.ac.nz> <20190503172022.GH4464@akamai.com> <1556904629782.23087@cs.auckland.ac.nz>
In-Reply-To: <1556904629782.23087@cs.auckland.ac.nz>
From: =?UTF-8?Q?T=C3=B6ma_Gavrichenkov?= <ximaera@gmail.com>
Date: Mon, 6 May 2019 14:39:52 +0300
Message-ID: <CALZ3u+YXzXyJ0WaPtLK10=+hBCdG5Hz72bpatbakP1idHQxung@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qoi1KsqyClsgq3AFTfn9dFBo_BY>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2019 11:40:21 -0000

On Fri, May 3, 2019 at 8:31 PM Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> why not also add MUST NOT MD5 and SHA1 in TLS 1.2 to the text?

Because the document has now such a direct and ambitious title that
~most of the target audience won't even read the text beyond the
title, hence this message won't be delivered.

This is exactly the trick (but with exactly the opposite sign) PCI SSC
performed three years ago when they published the document called
"Migrating from SSL and Early TLS, version 1.1" and the general public
widely believed that the document deprecated TLS 1.1 while what it
literally meant under "Early TLS" was ultimately TLS 1.0. Only the
*document version* was 1.1, but it was enough for quite a lot of
people who sometimes didn't even read the document at all but rather
sticked to short summaries by Arstechnica, The Register and the likes
(who, in turn, quite frequently don't read documents carefully
themselves).

Might play well though if the title is changed.

--
Töma