[TLS] FW: [saag] getting rid of fairly old stuff (was: Re: POODLE avant le chein)

"Salz, Rich" <rsalz@akamai.com> Wed, 15 October 2014 16:27 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/sClwCuiC_32XzJ3HGGt0oe_IhNk

From Mr. Farrell in the SAAG mailing list:

>If they can now get rid of SSLv3 within say a couple of months, (and I hope they can), then we should maybe be asking ourselves if we (the IETF) can help 'em somehow not let such stuff linger for so long in future. Not sure how, but say if we'd published an "SSLv3 considered possibly harmful" RFC about 8 years after RFC 2246 was published, do we think that might have helped, or might an equivalent help in future? Looking about randomly, I see TLS1.1 is 8 years old now:-)

> And just to clarify, my question isn't really about TLS, but about whether there's an IETF thing to be done here that might help. (And the answer for now is I'm not sure.)

I'd like to suggest we spend some time chatting about this.  Maybe it's just over fine bottled water at dinner, or maybe it's an official agenda item.  While he's right to be concerned about the larger problem, I think that as the "canary in the coal mine" and the most bruised and battered protocol, we might be a very group to help kickstart this.