Re: [TLS] Products supporting TLS 1.0 & some other high-level questions
Eric Rescorla <ekr@rtfm.com> Mon, 06 October 2014 02:33 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB11F1A0334 for <tls@ietfa.amsl.com>; Sun, 5 Oct 2014 19:33:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id esrJscENrvO1 for <tls@ietfa.amsl.com>; Sun, 5 Oct 2014 19:33:58 -0700 (PDT)
Received: from mail-wg0-f47.google.com (mail-wg0-f47.google.com [74.125.82.47]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76D8A1A0331 for <tls@ietf.org>; Sun, 5 Oct 2014 19:33:58 -0700 (PDT)
Received: by mail-wg0-f47.google.com with SMTP id x13so5369411wgg.6 for <tls@ietf.org>; Sun, 05 Oct 2014 19:33:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=0+UxvcZodQYf1jNkjjgBIoxAPL2XIXdRZ8h/WQ9TbXI=; b=F4/3ycLZQJEHl+nKQd6XgM9nJU4d6UK+scMVo1WZMNddc5r6SAq4okNi0Nt3ezk0Zh XtFMiyY+trd+diS+yu21zpBOGGfKxpNi4fM19KegylQpDO1ASx8IQuOwTcqZ+mwtjcqz ji0npAqBOM+GPTVs6IAi9JugQVolZYBu9bDXX/4Pn2GHuyOMUOFyZkA1RJMcAA+se0EO FuHCVDfiQe3zz7dh7HVfId6Cq2XmcNRROXY76F6qA++h6gsthvKyOqKJYHPgOFH1FXIs Q2xMWsBO8QsLEpAtwQrUADRUc1j4EJNR1GD+JRgPTTd9gZf5xJT5O8zKaAiGqm3THVTP izCA==
X-Gm-Message-State: ALoCoQl4SGbhPrSkJS5AdOlHjln6St5ZwPxbkfhXYaRLXOPVoYWR3HgXHz0y9qmNkgEvTtEyzd2M
X-Received: by 10.180.106.104 with SMTP id gt8mr7618658wib.13.1412562837092; Sun, 05 Oct 2014 19:33:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.130.130 with HTTP; Sun, 5 Oct 2014 19:33:17 -0700 (PDT)
In-Reply-To: <CACsn0c=kDE1mS_jksKtrOOgWLgcocB+chBsdsFZggSJZDvwhwg@mail.gmail.com>
References: <CACsn0c=kDE1mS_jksKtrOOgWLgcocB+chBsdsFZggSJZDvwhwg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 05 Oct 2014 19:33:17 -0700
Message-ID: <CABcZeBM1uytPVgqC4OioX3ZaKY07sURaXsP9ov=Q4oeYYiCtJg@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="f46d04428ee220cb0b0504b7ea67"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/wfkP5KTfuM9TJxAFi_ZGVLsQLNo
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Products supporting TLS 1.0 & some other high-level questions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 02:34:00 -0000
On Sun, Oct 5, 2014 at 7:22 PM, Watson Ladd <watsonbladd@gmail.com> wrote: > Is the prefered path > -Adoption of TLS 1.3 > -Adoption of TLS 1.2+session_hash fix > -Indefinite support for TLS 1.0 plus multiple, not widely deployed fixes. > As a practical matter, we're likely to get at least the first two and probably all three. The other high level question is tying to X509. The current draft > requires the server and client to be identified by X509 certificates. > While this repeats what previous versions have done, X509 is not a > perfect match for all uses. As you probably know, there are TLS documents which allow for both PGP (RFC 6091) and for raw keys (RFC 7250). I haven't studied the matter, but I expect that they are compatible or can be made compatible with TLS 1.3. For obvious reasons, we'll likely need to retain X.509, but we can certainly reference/update these documents or merge them in if people really want to. -Ekr
- [TLS] Products supporting TLS 1.0 & some other hi… Watson Ladd
- Re: [TLS] Products supporting TLS 1.0 & some othe… Eric Rescorla
- Re: [TLS] Products supporting TLS 1.0 & some othe… Salz, Rich
- Re: [TLS] Products supporting TLS 1.0 & some othe… Peter Gutmann
- Re: [TLS] Products supporting TLS 1.0 & some othe… Carl S. Gutekunst