Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
Bill Frantz <frantz@pwpconsult.com> Wed, 02 December 2020 16:22 UTC
Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18D203A1391; Wed, 2 Dec 2020 08:22:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mifRLU2rf8Er; Wed, 2 Dec 2020 08:22:40 -0800 (PST)
Received: from elasmtp-galgo.atl.sa.earthlink.net (elasmtp-galgo.atl.sa.earthlink.net [209.86.89.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 906583A138A; Wed, 2 Dec 2020 08:22:26 -0800 (PST)
Received: from [66.31.15.242] (helo=Williams-MacBook-Pro.local) by elasmtp-galgo.atl.sa.earthlink.net with esmtpa (Exim 4) (envelope-from <frantz@pwpconsult.com>) id 1kkUtW-000DYR-Ug; Wed, 02 Dec 2020 11:22:19 -0500
Date: Wed, 02 Dec 2020 11:22:18 -0500
From: Bill Frantz <frantz@pwpconsult.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
cc: Eliot Lear <lear@cisco.com>, Keith Moore <moore@network-heretics.com>, last-call@ietf.org, tls-chairs@ietf.org, draft-ietf-tls-oldversions-deprecate@ietf.org, tls@ietf.org
X-Priority: 3
In-Reply-To: <1606905451349.74964@cs.auckland.ac.nz>
Message-ID: <r480Ps-10146i-5D92DBE073F0406BAA96981F436B8E28@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.4.3 (480)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec7969d01828f5c147b1bb10c01ec2aa88fe350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 66.31.15.242
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vvLDVgI946R4w18ohb1rvQbcGRY>
Subject: Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 16:22:42 -0000
On 12/2/20 at 5:37 AM, pgut001@cs.auckland.ac.nz (Peter Gutmann) wrote: >The fact that many of these devices are extremely critical is precisely why >they're never replaced or upgraded, because they can't be taken out of >production. I would like to have a few more examples of "Can't be taken out of production". One I think I can address are heart pacemakers. These are imbedded in the patients chests. Upgrading them requires surgery. However, they have a limited lifespan due to their batteries running down, I think we're talking about 10 years or so, so there is a time where upgrade is practical. Every so often, the patient needs surgery to replace the batteries. During this surgery, the pacemaker function is taken over by equipment in the operating room. The questions here are: How much more surgical risk is there for replacing the whole pacemaker? If, as I suspect, the delta risk is zero, because replacing the battery also involves removing the old pacemaker, then battery replacement time is the time to perform pacemaker upgrades. How much risk is there in delaying upgrade to the next battery replacement? If we think about security risk, from now-vulnerable versions of TLS, then risk perception will depend on the individual patient. Vice President Dick Cheney was famous for being very concerned about being attacked via his pacemaker. In his case, he might have very well opted for early surgery to install an upgrade. Most others, I suspect, would chose to run the risks, at least until the first real-world attacks surface. Can anyone else work through some examples? Cheers - Bill ------------------------------------------------------------------------------------- Bill Frantz | Government is not reason, it is not eloquence, it is force; like 408-348-7900 | a fire, a troublesome servant and a fearful master. Never for a www.pwpconsult.com | moment should it be left to irresponsible action. Geo Washington
- [TLS] Last Call: <draft-ietf-tls-oldversions-depr… The IESG
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… tom petch
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… tom petch
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Sean Turner
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Keith Moore
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Eric Rescorla
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Keith Moore
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Eric Rescorla
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Gary Gapinski
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Keith Moore
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Eric Rescorla
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Keith Moore
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Eliot Lear
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Stephen Farrell
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Nick Lamb
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Martin Duke
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Peter Gutmann
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Peter Gutmann
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Keith Moore
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Viktor Dukhovni
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ben Smyth
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Peter Gutmann
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Keith Moore
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Salz, Rich
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Salz, Rich
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Peter Gutmann
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Eliot Lear
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Salz, Rich
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Olle E. Johansson
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… STARK, BARBARA H
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… STARK, BARBARA H
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Peter Gutmann
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Eliot Lear
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Peter Gutmann
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Eliot Lear
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Keith Moore
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Salz, Rich
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Salz, Rich
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… STARK, BARBARA H
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Bill Frantz
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Joe Abley
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Eliot Lear
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… STARK, BARBARA H
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Gary Gapinski
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Watson Ladd
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… STARK, BARBARA H
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… BRUNGARD, DEBORAH A
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Rob Sayre
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Stephen Farrell
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Rob Sayre
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Rob Sayre
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… BRUNGARD, DEBORAH A
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Stephen Farrell
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Andrew Campling
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… tom petch
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ackermann, Michael
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Nick Hilliard
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Ted Lemon
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Rob Sayre
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Nick Hilliard
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Christian de Larrinaga
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Kathleen Moriarty
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Kathleen Moriarty
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Kathleen Moriarty
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Peter Gutmann
- [TLS] Results of Last Call: <draft-ietf-tls-oldve… Benjamin Kaduk
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Stephen Farrell
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… tom petch
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Gary Gapinski
- Re: [TLS] Last Call: <draft-ietf-tls-oldversions-… Stephen Farrell
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… tom petch
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… Stephen Farrell
- Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-… tom petch