Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Bill Frantz <frantz@pwpconsult.com> Fri, 22 May 2015 21:52 UTC

Date: Fri, 22 May 2015 14:52:46 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Dave Garrett <davemgarrett@gmail.com>
In-Reply-To: <201505221236.34122.davemgarrett@gmail.com>
Message-ID: <r422Ps-1075i-2FE4AF2631A54E739D4B8EB0C4ED46AB@Williams-MacBook-Pro.local>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/s7Gmpo0912zqE39WGlCX_GMzCbs>
Cc: tls@ietf.org
Subject: Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

On 5/22/15 at 9:36 AM, davemgarrett@gmail.com (Dave Garrett) wrote:

>On Friday, May 22, 2015 11:38:14 am Salz, Rich wrote:
>>Most of the net doesn't support IPv6.
>
>This is an ISP issue. Plenty of clients support it, but their network won't route it.

Here is another case where revenue models have a significant impact on security. (Another is the CA system.) ISPs charge extra for IP addresses that can run servers. If every device has its own IPv6 address, then every device can run a server. ISPs like IPv4 and NAT.

If you want earlier versions of TLS to die, figure out a revenue model for someone which will cause them to help make that happen. (No, I can't think of one immediately either.)

In the case of Peter's "living forever" devices, there may be a revenue model in replacing them. But that kind of replacement sounds like 1950s US auto makers' planned obsolescence.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | "The only thing we have to   | Periwinkle
(408)356-8506      | fear is fear itself." - FDR  | 16345 Englewood Ave
www.pwpconsult.com | Inaugural address, 3/4/1933  | Los Gatos, CA 95032