Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
John Mattsson <john.mattsson@ericsson.com> Sat, 05 October 2019 10:36 UTC
From: John Mattsson <john.mattsson@ericsson.com>
To: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "TLS@ietf.org" <TLS@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Date: Sat, 05 Oct 2019 10:36:27 +0000
Message-ID: <0B7954B0-275B-45BE-9353-695612B7F5D3@ericsson.com>
References: <03B5BDAC-5B17-47B2-85D0-225DCCABDC42@ericsson.com> <024b01d5785d$51b3d7d0$f51b8770$@gmx.net>
In-Reply-To: <024b01d5785d$51b3d7d0$f51b8770$@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rU-5Ix5WY6yq-fKw3E-b2xCQBsU>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
"hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net> wrote: > PS: As Kathleen noted TLS 1.2 and DTLS 1.2 are perfectly fine if you follow RFC 7925/7525. While TLS 1.2 and DTLS 1.2 can be configured to be secure, RFC 7525 is definitely not enough. RFC 7540 would be a good start, but also that would need to be extended with support of extensions like Extended Master Secret, Signature Algorithms, and Certificate Status Request to be considered fine in 2019. Cheers, John