Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Bill Frantz <frantz@pwpconsult.com> Wed, 02 December 2020 16:22 UTC

Date: Wed, 2 Dec 2020 11:22:18 -0500
From: Bill Frantz <frantz@pwpconsult.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
cc: Eliot Lear <lear@cisco.com>, Keith Moore <moore@network-heretics.com>, last-call@ietf.org, tls-chairs@ietf.org, draft-ietf-tls-oldversions-deprecate@ietf.org, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vvLDVgI946R4w18ohb1rvQbcGRY>

On 12/2/20 at 5:37 AM, pgut001@cs.auckland.ac.nz (Peter Gutmann) wrote:

>The fact that many of these devices are extremely critical is precisely why
>they're never replaced or upgraded, because they can't be taken out of
>production.

I would like to have a few more examples of "Can't be taken out 
of production".

One I think I can address is heart pacemakers. These are 
embedded in the patients' chests. Upgrading them requires 
surgery. However, they have a limited lifespan due to their 
batteries running down; I think we're talking about 10 years or 
so, so there is a time where upgrade is practical.

Every so often, the patient needs surgery to replace the 
batteries. During this surgery, the pacemaker function is taken 
over by equipment in the operating room. The questions here are:

  How much more surgical risk is there for replacing the whole pacemaker?

If, as I suspect, the delta risk is zero, because replacing the 
battery also involves removing the old pacemaker, then battery 
replacement time is the time to perform pacemaker upgrades.

  How much risk is there in delaying upgrade to the next battery replacement?

If we think about security risk, from now-vulnerable versions of 
TLS, then risk perception will depend on the individual patient. 
Vice President Dick Cheney was famous for being very concerned 
about being attacked via his pacemaker. In his case, he might 
have very well opted for early surgery to install an upgrade. 
Most others, I suspect, would choose to run the risks, at least 
until the first real-world attacks surface.

Can anyone else work through some examples?

Cheers - Bill

-------------------------------------------------------------------------------------
Bill Frantz        | Government is not reason, it is not eloquence, it is force; like
408-348-7900       | a fire, a troublesome servant and a fearful master. Never for a
www.pwpconsult.com | moment should it be left to irresponsible action. Geo Washington