IETF Logo Mail Archive

Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 01 October 2019 11:07 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2656B12013C for <tls@ietfa.amsl.com>; Tue, 1 Oct 2019 04:07:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lERzKl9ap3sj for <tls@ietfa.amsl.com>; Tue, 1 Oct 2019 04:07:15 -0700 (PDT)
Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A2D112006D for <tls@ietf.org>; Tue, 1 Oct 2019 04:07:15 -0700 (PDT)
Received: by mail-oi1-x22d.google.com with SMTP id i185so13964665oif.9 for <tls@ietf.org>; Tue, 01 Oct 2019 04:07:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/Ap5RNMC0CVPZqjxiMU28eCpV//gWUJ0sESeZWXfWzA=; b=iTNy++7EMQeQZe0FZls/zRJEcm/PhCGCuVXUdeRzMO0rAVEKkLj9aB61QdwtuJvZ55 OvsLy6aTOayssTPTF2OLTzNLIuV71Y80C1GNnr2LAoImoEnqEd9YuWLHRCji4078AgEp AkSBCLIa5ESXNxhlzobqJIouAXqaOnL5us0s8SIqTAT67i9qcjcg9sQ7ZqoLglOGKBZU 11lrzXZx/MAHnlLXamUsZAwmDxZZ2APPYCzzGY3XWSB1QZDL0zp+4HRTKzzosW8U2V2I 8p6MnQ59j8foM2o/+fmdKq5j96PdWm7TDyfQSM6G5h3qd+tEylAVmIuCvelASk/t7lh/ SfUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/Ap5RNMC0CVPZqjxiMU28eCpV//gWUJ0sESeZWXfWzA=; b=eyMV+Uc5W86uJBb5Qggd50Y24dOf4q6IBWGGasTaogv7gmQtFrIcUR3S/jhro5djhA A9go5N9lj2zB92DmvpZrW4ORS1pN/QzP1GLro/Rxtl/bDDQYOKhmH/nAhOS5OUT71n2o +AGhcckaPyh7DQBoTvfqeAH2rsY5opuGsrYPo9GdAvnT60CJ1FPjIyVIElEDa3Ux0jbd kGkUNYn/AbMAbRo6uDC6AWMhCBnIqI45wBPBYcXoYaErNhQgtEDXKOfamEN5+dUe+O08 d6h8mNkKSS13ddcKpGBHb+IsuA81EmkKy7kkkK6YSEYuySjj3zj5PoUNExkqRG41d6RG dOmA==
X-Gm-Message-State: APjAAAW5TBK6Mp2ROJu6t27plUohf1JLlnuuGkqhz6f2K+rv6I3qMbBY MxAk3c2KVaZSGgJKXP80mpxkLAVkaH/2k01RKqE=
X-Google-Smtp-Source: APXvYqxDEPs51T3Hs9sLZkk/4+bjNtoNIr7qVFnz9YdzXyxxX3vISaYRo0l6QYR4QGtMMiwOLlOgGE1qGauj4xcAc3o=
X-Received: by 2002:aca:4c46:: with SMTP id z67mr1969961oia.158.1569928034740; Tue, 01 Oct 2019 04:07:14 -0700 (PDT)
MIME-Version: 1.0
References: <BF5F63A6-105B-47C6-8B65-29A290A16E76@akamai.com> <8B2B78CF-F312-4F7A-8EB1-A712F309A754@gmail.com> <CADZyTknH0ivQc-xW-di1XKC7w-9A5TCF8vhLLCrR9jQbcqY5dw@mail.gmail.com> <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com> <4DE775B5-B15B-469F-A50C-3DB5B86AA5D4@ericsson.com>
In-Reply-To: <4DE775B5-B15B-469F-A50C-3DB5B86AA5D4@ericsson.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 01 Oct 2019 07:06:38 -0400
Message-ID: <CAHbuEH5FtCDe55eoXtbcSxNAg0Vc0-NUXDDBKgKUcJQQosUXxQ@mail.gmail.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: Martin Thomson <mt@lowentropy.net>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d56e6e0593d75a1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/spmGNPw0JED4q-D-ImZr7S4QsUA>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 11:07:18 -0000

On Tue, Oct 1, 2019 at 4:00 AM John Mattsson <john.mattsson=
40ericsson.com@dmarc.ietf.org> wrote:

> Martin Thomson <mt@lowentropy.net>; wrote:
>
> >When we release a new version of something, we are sending a message:
> >
> >1. new implementations and deployments MUST include support for newer
> versions
> >2. existing implementations and deployments SHOULD be updated to support
> newer versions
>
> I agree very much with this summary and I would like to have it published
> somewhere. Take for example RFC 8261. It was published almost 6 years after
> RFC 6347 made DTLS 1.0 obsolete and still mandated support for DTLS 1.0 and
> not DTLS 1.2. I think this is one of the lessons IETF should learn from the
> TLS 1.0 and TLS 1.1 deprecation. How do we stop this from happening in the
> future? For an external viewer it must look pretty strange that IETF in Nov
> 2017 published an RFC relying on DTLS 1.0 and then 7 months later started
> working on a draft forbidding its use....
>
> I would like to see something like the following statements published:
>
> "New implementations and deployments MUST include support for TLS 1.3"
>
We have this already, I believe in new drafts.


> "Existing implementations and deployments SHOULD be updated to support TLS
> 1.3"
> "Existing implementations and deployments SHALL support TLS 1.3 by January
> 1, 2024"
>

Are you proposing a draft to state this?  If agreeable, this could be a
quick draft and support for 1.3 is a reasonable request to align with
requirements in industry.  I'm not sure if our statement will drive the
date as much as NIST's, but it couldn't hurt and I would be surprised if
there were any objections to this.

I don't think anything other than an RFC is the right approach, unless
there is an avenue I am not thinking about as having IETF consensus would
be what you'd want for it.


>
> >> """The expectation is that TLSv1.2 will continue to be used for many
> >> years alongside TLSv1.3."""
> >
> >Some people have that expectation, but I think that John is right to
> challenge it.  >There remain reasons that people are sticking with 1.2 for
> now, but those reasons >are mostly to do with allowing time to flush out
> the vestiges of a dependency on >some of the TLS 1.2 idiosyncrasies.
>
> I agree with Martin, and irrespectively of whether it is true or not, I do
> not see any need to have this sentence in an IETF draft.
>

As for this sentence, we'll see where the discussion settles out - removing
or altering it.

Best regards,
Kathleen

>
> Cheers,
> John
>
> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> on behalf of Martin Thomson <
> mt@lowentropy.net>
> Date: Friday, 27 September 2019 at 02:03
> To: "TLS@ietf.org" <tls@ietf.org>
> Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
>
>     So I agree with Kathleen's conclusion: not to change the goals of the
> current document.  But there are changes that I think are necessary (and
> thanks to Daniel and John for highlighting these).
>
>     BTW, I've moved this to the TLS working group, because this is an
> active topic there and I don't see anything in my email that SAAG needs to
> concern itself with.
>
>     On Fri, Sep 27, 2019, at 01:00, Daniel Migault wrote:
>     > My understanding of deprecating of TLS1.0 TLS 1.1 is that:
>     > a) new software do not use these versions
>     > b) existing software stop supporting these versions.
>
>     That differs from my perspective.
>
>     When we release a new version of something, we are sending a message:
>
>     1. new implementations and deployments MUST include support for newer
> versions
>     2. existing implementations and deployments SHOULD be updated to
> support newer versions
>
>     When we deprecate an old version of something, we are sending a
> message:
>
>     3. only use this old version if you absolutely have to
>     4. you are encouraged to take active measures to remove the need to
> use the old version
>     5. you have our support if you decide not to support this old version
>
>     Now, "support" from the IETF is about as meaningful as you think it
> is.  And you can s/MUST/really ought to/ and s/SHOULD/may wish to/
> [RFC6919].
>
>     In browser-land, we've decided to form a coalition when it comes to
> removing TLS 1.0/1.1.  3GPP have obviously got their own support group,
> which seems to be functioning effectively, which is great.
>
>     > """The expectation is that TLSv1.2 will continue to be used for many
>     > years alongside TLSv1.3."""
>
>     Some people have that expectation, but I think that John is right to
> challenge it.  There remain reasons that people are sticking with 1.2 for
> now, but those reasons are mostly to do with allowing time to flush out the
> vestiges of a dependency on some of the TLS 1.2 idiosyncrasies.
>
>     I would advocate for removing this statement and any residue of that
> sentiment from the draft.  It's speculation and, even if it were true, it
> conveys the wrong message.  The only message I would include is that one
> that is further down the document: "Any newer version of TLS is more secure
> than TLSv1.1."
>
>     _______________________________________________
>     TLS mailing list
>     TLS@ietf.org
>     https://www.ietf.org/mailman/listinfo/tls
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>


-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email