Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

tom petch <daedulus@btconnect.com> Wed, 16 December 2020 09:58 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F2BA3A0811; Wed, 16 Dec 2020 01:58:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MJSvMoe5W4r9; Wed, 16 Dec 2020 01:58:09 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80090.outbound.protection.outlook.com [40.107.8.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F2C03A0809; Wed, 16 Dec 2020 01:58:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JHfEA4lD1uUSdGtrdxcMZ2GdcpRZ8XPYIluMFyDzwyci/86B9yLE1qgRqIauwWpqsAiIYaH72RNpSNldb/UvxXaiVu2YHyLz47plIoB3a44YXt8slcqCycvJ8tzvXh6DOn9W3Jdkpo497KYG9yI/KwcgINiDuYQ3yP/BrvzNpIIjZvkI6CeQH8EvDG14lxHEuoN/tXUd4zR5NKYRXupCSm/puc5RlHgY581cgz5WSwoxYHtBHkhiQo/N2G8/u+KE9vY6ffKNJpyt+w3/9yhxW6cWihLpjVOe8Yve+RCqGDJ6LNI47HmUO2Z3vk4X8JKFjj5oobV4riIM6qpkG1Tu5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0aETC3sBvuospkl4QWQlsg1ePc2q7hsB4GhneOc189Q=; b=JhPtNGuRsfJR5CIOo5u0KgSL8H0w4KFWFoSdF30h+Kcx8RaeITX5PE9xKEwXO9S6awY0Ck20oTBNAbUIMgmD+ozZ9fZ/9NEF5UnwlwZ3XEGvkDbRYnDz/QjBYbUIJXCXj/NHQBek5534f/7vZsFBu4rrbcdaml6SSYHcb/1H5kEiziGnGieHjjlVBMrID0WXXAAZi8vjCIflXie9unaxRriE8DY9M1IwIWmZoA18R2iUAKpEcRpHoLPDDg79Ov7nk2kF5ISF/Kdsuir4e7ximYx1XcxxE2GlNbZprN7Ui14u9J7iL2gODuR88hGIrb1fLOI+8CRlM40UxJKnqBUErg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0aETC3sBvuospkl4QWQlsg1ePc2q7hsB4GhneOc189Q=; b=GZ62UMHE9KwA7ofeejTT7lY3E6te97Ii9nhQaVQeqAagliGGoDX4sGmApXW+5CI2VdAb0MwNCn0gHrnFOv5/ded1a6kZU/+wCO+Wbp0v59T/1VCGiq3JKPCb73zeJ2DqwvRAY4w+wJ4CXo8ydEy4pdbvWoICc0gUs0abMw3BdzI=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by VI1PR07MB3085.eurprd07.prod.outlook.com (2603:10a6:802:21::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3676.12; Wed, 16 Dec 2020 09:58:05 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::6407:6ea2:f517:eeae]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::6407:6ea2:f517:eeae%7]) with mapi id 15.20.3676.018; Wed, 16 Dec 2020 09:58:05 +0000
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, last-call@ietf.org
References: <160496076356.8063.5138064792555453422@ietfa.amsl.com> <5FAA69AB.4090802@btconnect.com> <754d1831-e44f-0299-dcd1-24a311e8c442@cs.tcd.ie> <5FAA79E6.4060401@btconnect.com> <57dec4d8-0824-291c-9c13-15627693eb2a@cs.tcd.ie> <0a867fe5-e940-09bd-1764-530479e09e9b@cs.tcd.ie> <5FD79486.5030401@btconnect.com> <5FD8B135.8070704@btconnect.com>
Cc: draft-ietf-tls-oldversions-deprecate@ietf.org, tls-chairs@ietf.org, tls@ietf.org
From: tom petch <daedulus@btconnect.com>
Message-ID: <5FD9DA28.5080106@btconnect.com>
Date: Wed, 16 Dec 2020 09:58:00 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <5FD8B135.8070704@btconnect.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [86.146.121.140]
X-ClientProxiedBy: LO2P265CA0490.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:13a::15) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.65] (86.146.121.140) by LO2P265CA0490.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:13a::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3654.12 via Frontend Transport; Wed, 16 Dec 2020 09:58:04 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 8028f964-f722-43b7-8ec2-08d8a1a91536
X-MS-TrafficTypeDiagnostic: VI1PR07MB3085:
X-Microsoft-Antispam-PRVS: <VI1PR07MB3085F2FAD641842471829E9CC6C50@VI1PR07MB3085.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: AgFfMYS2w8WbKqJJ9/3ycx7EEIvsk9upkfrwreVC9jek84ZJoPtaSBnfqO/2RbH1GmLrJvxaXbafgZ9Js3GEMsoEBkpwCS87ybuPl6FgngJWMJzs9d8ZPTQztZnQoh6OJkb94/v3yFP/HcVHEjcpaM6dXXK7VMrm/C4h7rxqdy0OvfqU49sXVdIh8LHWQ/CUDzzS3DVD5bYqtsrmUJVWcu2O0WyTytX0rK2aszAqFpFC0UpyFLGdNbGYu4MjTN/QAezgTujDYQL3CqfXbtSjqm2KBEmAb2B//pMCYv+hLy9wrWqIgDxWEmX34qRGbjmQnmVRsSfCP+cLmmv4pgWHHActx9oIQz6wleY1W2TdZ3qHyRH5Dn1YWwGCRqqmG8KeSe7m1apwiDSiTx0CktKcWyAZbmU1KHcD4WRTMjh9TJmgMuvALHGVdTsnl9zZltBUYxFz2uGVg/AG5tZLuhWYig==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(346002)(376002)(39860400002)(136003)(366004)(6666004)(478600001)(966005)(66476007)(86362001)(36756003)(316002)(16576012)(53546011)(52116002)(8936002)(5660300002)(2906002)(33656002)(83380400001)(66946007)(16526019)(26005)(186003)(4326008)(956004)(87266011)(2616005)(66556008)(6486002)(8676002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: =?Windows-1252?Q?scespvhpB8IqQpUT+YUhiToDWQyN9xOhf+w6+zlHi81sGLqBIXHMfOO6?= =?Windows-1252?Q?1wdwfZwKHsUXwvbFX07XTGq0JC5sVd2bAakSCbDlex7560ili8IPpkRX?= =?Windows-1252?Q?87HKSrHqQDBfSdGw38Kc2gRg1sZCaIoh7lTDChun5NrM8NAZXU0Rljkr?= =?Windows-1252?Q?Df/Civw8yyENoa36zpWflnKQGPmWuTL9LIc74DaI+p6jGevNsGYsM4Wb?= =?Windows-1252?Q?jJJg7ytg3qn/Ma5quQMPt2CVKRFwxjZFqR1+xlKHatDfP4DG88FzfgMO?= =?Windows-1252?Q?iEDWedm86TLpWXOV+3yYgFW3Jypn6Pc12B5Rsp59etRz6MlxLE4LSToZ?= =?Windows-1252?Q?2ukTHmYSNausawdu4RCVL8AtLhWSZrZDX5GbVkPLg76D8/Ezim1lRntB?= =?Windows-1252?Q?m5awo3Um8tdpqhdoDTC6kUjbFbuzV92sz8oz21womQQggo6+Gi+IURBZ?= =?Windows-1252?Q?YcPiTkF4ZUc0xpXyqmCSrVLgMBpn586u3eNqTRfb+Vk2HJiZCbV1hf68?= =?Windows-1252?Q?5XeuXg1NWLN/X4V2TWG0KK/omGDS7Ik2VFdTQY2+1Vl7r4Wr91bIiQA1?= =?Windows-1252?Q?QF/gkyxosJaPemDtmbB6Pqz74y4sFwiTrqyjooiBCp2CLCnYcLFEcIuT?= =?Windows-1252?Q?c0hwLin/pLXhCFmpO7v91HcSw6pPpTekI1xomonbYk4qXLtX0HZdlQ4c?= =?Windows-1252?Q?PxSrno9dTNP9OQUhqnDyZgouWsuFSpspPXtfonpHlMQOUjCz39UzMVMB?= =?Windows-1252?Q?1BNkpYbPnGrZT60mWwV5MaRKtX3exe4m3lAOpCaAL6XJuLO99DdL70eR?= =?Windows-1252?Q?+SswW22/AnSQlfk04b9uHis0l/AkGU1WrtjQ2V45N35Wob++dT24dRBm?= =?Windows-1252?Q?/1rMjqBzBIzHiJ8KNVr+BK1XhPpg5rQXCAknetazMXeewOxILiVlOZnH?= =?Windows-1252?Q?BmMNfcFkljnH350h3nLGd3xKXjUA/vYiIQnJP9IrJb7AUtSSedRHb8XE?= =?Windows-1252?Q?IkOAGA+rrm+bZaOyszwsb0G4Rwc4M7S98nfEvZRhEaags5WtryHIHKxp?= =?Windows-1252?Q?sAMP0pSJ3C1YOWax?=
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Dec 2020 09:58:04.8764 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-Network-Message-Id: 8028f964-f722-43b7-8ec2-08d8a1a91536
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: p0/9zRC990Z3aYq4gUofv6x/VWAu/G8U57q5iWmiDhErtkIFeHVxes7ck270WwURn/dtfDK0r7RbKA3Dt7OwkA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3085
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/s1KNysP1d9yPbVzFMqmAWc_KDJM>
Subject: Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2020 09:58:11 -0000

On 15/12/2020 12:51, tom petch wrote:
> On 14/12/2020 16:36, tom petch wrote:
>>
>> On 14/12/2020 14:53, Stephen Farrell wrote:
>>>
>>> On 10/11/2020 11:33, Stephen Farrell wrote:
>>>>
>>>> On 10/11/2020 11:30, tom petch wrote:
>>>>> Perhaps a second look at the algorithm
>>>>> to work out why these got missed to get a fix on how many more there
>>>>> may be.
>>>>
>>>> Sure, that's reasonable. (Mightn't be today.)
>>>
>>> Just did that check by comparing [1] to the RFCs
>>> referenced in the draft and best I can see only
>>> 5953 and 6353 were missing in the end.
>>>
>>> I'd argue it's ok to add those without re-doing
>>> the IETF LC as they were mentioned in early on,
>>> in the LC, but of course that's the AD's call.
>>>
>>> I'm doing the edits for draft-10 now so it'll
>>> pop out shortly.
>
> Stephen, indeed, it had popped while I was replying to your e-mail.
>
> I see RFC5953, RFC6353 have been added.  RFC5953 is obsoleted so should
> it be listed in 1.1 in the list of RFC already obsoleted, the one that
> start with RFC5101?

Stephen,

I have downloaded -11 (using FTP, of course:-) and it looks good to me,

Tom Petch

> Tom Petch
>
>> Stephen
>>
>> Thank you for checking. With those two being SNMP
>> and having both DTLS and TLS I was thinking of
>> conspiracy theories but no:-)
>> I should see the announcement of the updated I-D
>> and will check it when I do.
>> Like you, I do not see the need for a further LC
>> just for the addition of those two RFC,
>>
>> Tom Petch
>>
>>>
>>> Cheers,
>>> S.
>>>
>>> [1] https://datatracker.ietf.org/doc/rfc4347/referencedby/
>>>
>>>>
>>>> Cheers,
>>>> S.
>>>>
>>>> _______________________________________________
>>>> TLS mailing list
>>>> TLS@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/tls
>>>>
>>