IETF Logo Mail Archive

[TLS] Re: Mike Bishop's No Objection on draft-ietf-tls-rfc8446bis-12: (with COMMENT)

Eric Rescorla <ekr@rtfm.com> Mon, 02 June 2025 15:36 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 783972FC3590 for <tls@mail2.ietf.org>; Mon, 2 Jun 2025 08:36:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mN7RV0gc7cza for <tls@mail2.ietf.org>; Mon, 2 Jun 2025 08:36:09 -0700 (PDT)
Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8D4F92FC354B for <tls@ietf.org>; Mon, 2 Jun 2025 08:36:09 -0700 (PDT)
Received: by mail-yb1-xb2f.google.com with SMTP id 3f1490d57ef6-e812ed38d02so1626533276.0 for <tls@ietf.org>; Mon, 02 Jun 2025 08:36:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1748878569; x=1749483369; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=iVd/2zrYf47fEb43skSQm609vnIjkophkheZalrad0I=; b=X1OjrYg6v8enKgfy+MokUKlDDJO4phxgLK6hH9jaVvz8T8g8iBQP4zwaSwIZjjIvTU /9oVN0HRH5wIv7ldDU15ugStibfBO394Fxe+r88Tc9raGNwnFBqE2HsBmg2L341bXsn5 o5cAPbzPxNrZ4w4tPvIRKXqn7y5vOuqUR0mD0VthQmYN+rAxhyRphX3/26RvNNBhl+IM xasg1Ie12y4h7whC1ccxhvRw0vJr+FQ5790DnhGuPCjlEGcO5cCRU8KfEx0ycF01JGzu XXQIsEhynKmCgUdoM8uqK+jPTb1aUOeTul9exN2mDZtTG1WhV3fSO9mNi0m3PSCEum8U nMSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748878569; x=1749483369; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=iVd/2zrYf47fEb43skSQm609vnIjkophkheZalrad0I=; b=hYGkr7L55AKrORrvJP+BL6IV3D2KaD7ecqrjg6yemEQUvN+PQUqxpseejb3aMUsjXP tGAU3nE1pwP9JOGXClmu+9J3/XMxZo5UAioUhKPx0FFzRV4KGky0nMS7Kzs/YqRaF1wZ 4e3oWYitJInv+Km5ZA2awRmIfXqMWXDxz0eCGZZGbdObOKYdP046EM+DaL+Q3MWZub5P VfYpVF4OGVNq7O3P5mZGj5JS6KD0cKr7a+PHkWssm6dltV9FD3G7M9Fd5ZMsjcgALWwI jT4JGFVRjiAw/Icm4RdMwyn9+kwLvZL7p6XSM4ENxn7kOahe2a+OizF2uMVHXAsX0KJX OQtA==
X-Forwarded-Encrypted: i=1; AJvYcCXgL02IJYbkzM7skzj/SyG4pFZm/4bfQKELT0evMxdrfjjOErkHCoK3DJjEiF0nPhwaPfE=@ietf.org
X-Gm-Message-State: AOJu0Yy6bFqXhPeSPuzrmEqjZA8cN8nh/p4xELSF0ia/QUGlLOM40UzH SMnvTVeTT16ogp/qxH42ykO3LzZckIfIH6//YUT4I/+Wss47MPgip21Mwer/UrDVaun/Xt/PU/v +MUtTHNVAw3RapBFkI/p2PfcjStlYtO9Pkw4MrqhNPw==
X-Gm-Gg: ASbGncvEqjcCGwXvrhnWoT19cd3zs3bwS+xIh/PF4eEQ+jEyfm8wO6wv+lEdau68EP3 A34caqxR74BFNLxZvzoQNxIDzQcQgDVt/9SZKQN4sUPc2T4Bas5zRzDxXlNk1QavR8h06TUXJlw ZqasvIX54iaQWO42AXSH8EPpoqYVvAhVxwWFA=
X-Google-Smtp-Source: AGHT+IHGEzSIEHR1//Z5TksHQFUVbtbLXAoSa10lVPga65tMNnNv2zet1Ovpw4kkNuChecHI+/XzqAiKzRWDIBdiSq0=
X-Received: by 2002:a05:6902:1082:b0:e81:5820:9a5 with SMTP id 3f1490d57ef6-e8158200a74mr2526578276.4.1748878568703; Mon, 02 Jun 2025 08:36:08 -0700 (PDT)
MIME-Version: 1.0
References: <174767061547.310160.15957128808257142354@dt-datatracker-59b84fc74f-84jsl> <CABcZeBOL=4bYocGd_agfCQ0kiYTOYH=Wbbsc2ZoE3SZs52waqw@mail.gmail.com> <IA0PPF726CD7A1FFEE479A7255771147F2ADA62A@IA0PPF726CD7A1F.namprd22.prod.outlook.com>
In-Reply-To: <IA0PPF726CD7A1FFEE479A7255771147F2ADA62A@IA0PPF726CD7A1F.namprd22.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 02 Jun 2025 08:35:32 -0700
X-Gm-Features: AX0GCFu6wiIYRivOM-mijI4_HQRtLw931Nini6cUcwljCeBnCl8CqizEnlGjmA8
Message-ID: <CABcZeBP-6j5sk6j+ok2zhG_8xfGOt32g52HbNDqq_du7+RiwkQ@mail.gmail.com>
To: Mike Bishop <mbishop@evequefou.be>
Content-Type: multipart/alternative; boundary="000000000000d80d450636988562"
Message-ID-Hash: AKV5FIYWRXTMWM5THX7SFDOISADPMY3A
X-Message-ID-Hash: AKV5FIYWRXTMWM5THX7SFDOISADPMY3A
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, "draft-ietf-tls-rfc8446bis@ietf.org" <draft-ietf-tls-rfc8446bis@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Mike Bishop's No Objection on draft-ietf-tls-rfc8446bis-12: (with COMMENT)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/s3c33Xml6XkPZowmUhM8NoIE3FE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Thanks.

It might help to start with some background. While it's true that the IETF
has deprecated TLS versions prior to TLS 1.2, we also know that there
are many sites which support TLS 1.0 and TLS 1.1. [0]

We would still like those implementations to perform anti-downgrade, despite
violating this other MUST. So, I don't think that treating this as a
historical
requirement is the right answer.

-Ekr


[0] https://www.ssllabs.com/ssl-pulse/





On Mon, Jun 2, 2025 at 7:40 AM Mike Bishop <mbishop@evequefou.be> wrote:

> Sorry, I should have quoted it. It's
> https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#section-4.1.3-11 in
> the editor's copy:
>
> [RFC8996
> <https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#RFC8996>] and
> Appendix E.5
> <https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#backward-compatibility-security> forbid
> the negotiation of TLS versions below 1.2. However, server implementations
> which do not follow that guidance MUST set the last 8 bytes of their
> ServerHello.random value to the bytes:
>
>   44 4F 57 4E 47 52 44 00
>
> Appendix E.5 states that versions below 1.2 "MUST NOT be negotiated for
> any reason," yet this text then has a MUST-level requirement applying
> exclusively to server implementations which ignore the MUST NOT.
> ------------------------------
> *From:* Eric Rescorla <ekr@rtfm.com>
> *Sent:* Friday, May 30, 2025 10:54 AM
> *To:* Mike Bishop <mbishop@evequefou.be>
> *Cc:* The IESG <iesg@ietf.org>; draft-ietf-tls-rfc8446bis@ietf.org <
> draft-ietf-tls-rfc8446bis@ietf.org>; tls-chairs@ietf.org <
> tls-chairs@ietf.org>; tls@ietf.org <tls@ietf.org>; sean@sn3rd.com <
> sean@sn3rd.com>
> *Subject:* Re: Mike Bishop's No Objection on
> draft-ietf-tls-rfc8446bis-12: (with COMMENT)
>
> Thank you for comments. I have made a PR to address most of these comments:
>
> https://github.com/tlswg/tls13-spec/pull/1385
>
> I am a bit unsure about one comment. Can you point to the offending text
> for the
> comment below:
>
>
> The language around the SCSV for pre-1.2 values feels odd. You MUST NOT
> negotiate older versions, but if you do anyway, you MUST do it this way? I
> would shift this to a description of how clients and servers were required
> to
> behave prior to this revision of 1.3 at most.
>
>

v2.35.0 | Report a Bug | By Email | System Status