Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 01 October 2019 11:07 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2656B12013C for <tls@ietfa.amsl.com>; Tue, 1 Oct 2019 04:07:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lERzKl9ap3sj for <tls@ietfa.amsl.com>; Tue, 1 Oct 2019 04:07:15 -0700 (PDT)
Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A2D112006D for <tls@ietf.org>; Tue, 1 Oct 2019 04:07:15 -0700 (PDT)
Received: by mail-oi1-x22d.google.com with SMTP id i185so13964665oif.9 for <tls@ietf.org>; Tue, 01 Oct 2019 04:07:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/Ap5RNMC0CVPZqjxiMU28eCpV//gWUJ0sESeZWXfWzA=; b=iTNy++7EMQeQZe0FZls/zRJEcm/PhCGCuVXUdeRzMO0rAVEKkLj9aB61QdwtuJvZ55 OvsLy6aTOayssTPTF2OLTzNLIuV71Y80C1GNnr2LAoImoEnqEd9YuWLHRCji4078AgEp AkSBCLIa5ESXNxhlzobqJIouAXqaOnL5us0s8SIqTAT67i9qcjcg9sQ7ZqoLglOGKBZU 11lrzXZx/MAHnlLXamUsZAwmDxZZ2APPYCzzGY3XWSB1QZDL0zp+4HRTKzzosW8U2V2I 8p6MnQ59j8foM2o/+fmdKq5j96PdWm7TDyfQSM6G5h3qd+tEylAVmIuCvelASk/t7lh/ SfUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/Ap5RNMC0CVPZqjxiMU28eCpV//gWUJ0sESeZWXfWzA=; b=eyMV+Uc5W86uJBb5Qggd50Y24dOf4q6IBWGGasTaogv7gmQtFrIcUR3S/jhro5djhA A9go5N9lj2zB92DmvpZrW4ORS1pN/QzP1GLro/Rxtl/bDDQYOKhmH/nAhOS5OUT71n2o +AGhcckaPyh7DQBoTvfqeAH2rsY5opuGsrYPo9GdAvnT60CJ1FPjIyVIElEDa3Ux0jbd kGkUNYn/AbMAbRo6uDC6AWMhCBnIqI45wBPBYcXoYaErNhQgtEDXKOfamEN5+dUe+O08 d6h8mNkKSS13ddcKpGBHb+IsuA81EmkKy7kkkK6YSEYuySjj3zj5PoUNExkqRG41d6RG dOmA==
X-Gm-Message-State: APjAAAW5TBK6Mp2ROJu6t27plUohf1JLlnuuGkqhz6f2K+rv6I3qMbBY MxAk3c2KVaZSGgJKXP80mpxkLAVkaH/2k01RKqE=
X-Google-Smtp-Source: APXvYqxDEPs51T3Hs9sLZkk/4+bjNtoNIr7qVFnz9YdzXyxxX3vISaYRo0l6QYR4QGtMMiwOLlOgGE1qGauj4xcAc3o=
X-Received: by 2002:aca:4c46:: with SMTP id z67mr1969961oia.158.1569928034740; Tue, 01 Oct 2019 04:07:14 -0700 (PDT)
MIME-Version: 1.0
References: <BF5F63A6-105B-47C6-8B65-29A290A16E76@akamai.com> <8B2B78CF-F312-4F7A-8EB1-A712F309A754@gmail.com> <CADZyTknH0ivQc-xW-di1XKC7w-9A5TCF8vhLLCrR9jQbcqY5dw@mail.gmail.com> <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com> <4DE775B5-B15B-469F-A50C-3DB5B86AA5D4@ericsson.com>
In-Reply-To: <4DE775B5-B15B-469F-A50C-3DB5B86AA5D4@ericsson.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 01 Oct 2019 07:06:38 -0400
Message-ID: <CAHbuEH5FtCDe55eoXtbcSxNAg0Vc0-NUXDDBKgKUcJQQosUXxQ@mail.gmail.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: Martin Thomson <mt@lowentropy.net>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d56e6e0593d75a1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/spmGNPw0JED4q-D-ImZr7S4QsUA>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 11:07:18 -0000
On Tue, Oct 1, 2019 at 4:00 AM John Mattsson <john.mattsson= 40ericsson.com@dmarc.ietf.org> wrote: > Martin Thomson <mt@lowentropy.net>; wrote: > > >When we release a new version of something, we are sending a message: > > > >1. new implementations and deployments MUST include support for newer > versions > >2. existing implementations and deployments SHOULD be updated to support > newer versions > > I agree very much with this summary and I would like to have it published > somewhere. Take for example RFC 8261. It was published almost 6 years after > RFC 6347 made DTLS 1.0 obsolete and still mandated support for DTLS 1.0 and > not DTLS 1.2. I think this is one of the lessons IETF should learn from the > TLS 1.0 and TLS 1.1 deprecation. How do we stop this from happening in the > future? For an external viewer it must look pretty strange that IETF in Nov > 2017 published an RFC relying on DTLS 1.0 and then 7 months later started > working on a draft forbidding its use.... > > I would like to see something like the following statements published: > > "New implementations and deployments MUST include support for TLS 1.3" > We have this already, I believe in new drafts. > "Existing implementations and deployments SHOULD be updated to support TLS > 1.3" > "Existing implementations and deployments SHALL support TLS 1.3 by January > 1, 2024" > Are you proposing a draft to state this? If agreeable, this could be a quick draft and support for 1.3 is a reasonable request to align with requirements in industry. I'm not sure if our statement will drive the date as much as NIST's, but it couldn't hurt and I would be surprised if there were any objections to this. I don't think anything other than an RFC is the right approach, unless there is an avenue I am not thinking about as having IETF consensus would be what you'd want for it. > > >> """The expectation is that TLSv1.2 will continue to be used for many > >> years alongside TLSv1.3.""" > > > >Some people have that expectation, but I think that John is right to > challenge it. >There remain reasons that people are sticking with 1.2 for > now, but those reasons >are mostly to do with allowing time to flush out > the vestiges of a dependency on >some of the TLS 1.2 idiosyncrasies. > > I agree with Martin, and irrespectively of whether it is true or not, I do > not see any need to have this sentence in an IETF draft. > As for this sentence, we'll see where the discussion settles out - removing or altering it. Best regards, Kathleen > > Cheers, > John > > -----Original Message----- > From: TLS <tls-bounces@ietf.org> on behalf of Martin Thomson < > mt@lowentropy.net> > Date: Friday, 27 September 2019 at 02:03 > To: "TLS@ietf.org" <tls@ietf.org> > Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation > > So I agree with Kathleen's conclusion: not to change the goals of the > current document. But there are changes that I think are necessary (and > thanks to Daniel and John for highlighting these). > > BTW, I've moved this to the TLS working group, because this is an > active topic there and I don't see anything in my email that SAAG needs to > concern itself with. > > On Fri, Sep 27, 2019, at 01:00, Daniel Migault wrote: > > My understanding of deprecating of TLS1.0 TLS 1.1 is that: > > a) new software do not use these versions > > b) existing software stop supporting these versions. > > That differs from my perspective. > > When we release a new version of something, we are sending a message: > > 1. new implementations and deployments MUST include support for newer > versions > 2. existing implementations and deployments SHOULD be updated to > support newer versions > > When we deprecate an old version of something, we are sending a > message: > > 3. only use this old version if you absolutely have to > 4. you are encouraged to take active measures to remove the need to > use the old version > 5. you have our support if you decide not to support this old version > > Now, "support" from the IETF is about as meaningful as you think it > is. And you can s/MUST/really ought to/ and s/SHOULD/may wish to/ > [RFC6919]. > > In browser-land, we've decided to form a coalition when it comes to > removing TLS 1.0/1.1. 3GPP have obviously got their own support group, > which seems to be functioning effectively, which is great. > > > """The expectation is that TLSv1.2 will continue to be used for many > > years alongside TLSv1.3.""" > > Some people have that expectation, but I think that John is right to > challenge it. There remain reasons that people are sticking with 1.2 for > now, but those reasons are mostly to do with allowing time to flush out the > vestiges of a dependency on some of the TLS 1.2 idiosyncrasies. > > I would advocate for removing this statement and any residue of that > sentiment from the draft. It's speculation and, even if it were true, it > conveys the wrong message. The only message I would include is that one > that is further down the document: "Any newer version of TLS is more secure > than TLSv1.1." > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > -- Best regards, Kathleen
- [TLS] Lessons learned from TLS 1.0 and TLS 1.1 de… John Mattsson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Salz, Rich
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Kathleen Moriarty
- Re: [TLS] [saag] Lessons learned from TLS 1.0 and… Michael Richardson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Daniel Migault
- Re: [TLS] [saag] Lessons learned from TLS 1.0 and… Daniel Migault
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Martin Thomson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Stephen Farrell
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Daniel Migault
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Martin Thomson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Stephen Farrell
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Daniel Migault
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Simon Bernard
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Salz, Rich
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Eric Rescorla
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Salz, Rich
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… David Benjamin
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Benjamin Kaduk
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Stephen Farrell
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Daniel Migault
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… John Mattsson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… John Mattsson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Kathleen Moriarty
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Kathleen Moriarty
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… hannes.tschofenig
- Re: [TLS] [saag] Lessons learned from TLS 1.0 and… Michael Richardson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Daniel Migault
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Peter Gutmann
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… John Mattsson
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Christopher Wood
- Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.… Hannes Tschofenig