IETF Logo Mail Archive

Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

Daniel Migault <daniel.migault@ericsson.com> Fri, 27 September 2019 02:38 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04588120074 for <tls@ietfa.amsl.com>; Thu, 26 Sep 2019 19:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.026, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jz_akjDfJ5CB for <tls@ietfa.amsl.com>; Thu, 26 Sep 2019 19:38:49 -0700 (PDT)
Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com [209.85.217.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3562612001A for <tls@ietf.org>; Thu, 26 Sep 2019 19:38:49 -0700 (PDT)
Received: by mail-vs1-f53.google.com with SMTP id w195so835882vsw.11 for <tls@ietf.org>; Thu, 26 Sep 2019 19:38:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Zuu4CP9fpdsoENeDVPo7cgEyDfBvlrHHbgPATS8kQeA=; b=Y600AkxLmxvenIt8O8ZUhUfalae8MQZSEFEeI6vcN5LCBHi9CJzyXna0Gur2L268dv C9EII8Mrh5v9McYB8vgpW8twHgK3ymWLsFGjw8RjTJBb5HS2y2HVZ3bVn+0kV8JdTT1L OX8dY7GMcuCxMxcqRwFRCjxUIkuuNySNXCmI6i4+ghdlwYK2+vDy4t+sisk0tKYrMHnc ekx4qbPqKy44I6MZb2WRljK8aSlYoioj6JI6UH6WghcZWR2yng7dbvUxA2hGJksZiInt BntqWb3dbzC13VoVtx6DZx/RgTAEqzdmgJ6OYGVxyyJo9n11+R9rChhxBu3Q/qNO09wL RPZw==
X-Gm-Message-State: APjAAAVdqNv7CpjhGWgtUA+t3nn1jesVr9Th5raPiPX+eTaBC/IZXMws MVvNp668m844s432orET5tE/Bz3pTlXPadT3NCvM4A==
X-Google-Smtp-Source: APXvYqyxUYX203wHJY8UIkTBgboCbRbALwVCUvFfoR+3/2qbyWF8CMYflNGwnGSt/h+qibME/kqEVy/ByMkvX7sryb4=
X-Received: by 2002:a67:fbd8:: with SMTP id o24mr1200994vsr.180.1569551928219; Thu, 26 Sep 2019 19:38:48 -0700 (PDT)
MIME-Version: 1.0
References: <BF5F63A6-105B-47C6-8B65-29A290A16E76@akamai.com> <8B2B78CF-F312-4F7A-8EB1-A712F309A754@gmail.com> <CADZyTknH0ivQc-xW-di1XKC7w-9A5TCF8vhLLCrR9jQbcqY5dw@mail.gmail.com> <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com>
In-Reply-To: <d4b01c69-6047-467b-8538-9780f6872fe1@www.fastmail.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Thu, 26 Sep 2019 22:38:36 -0400
Message-ID: <CADZyTk=6=-NAZ7P+TWnzX9WccPW9EZLs4rHC5FGj_DifGXqB2A@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: tls <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002360df05937fc9b8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xIVQykWCnCd3rTW3kiWFgZZId64>
Subject: Re: [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 02:38:52 -0000

On Thu, Sep 26, 2019 at 8:03 PM Martin Thomson <mt@lowentropy.net> wrote:

> So I agree with Kathleen's conclusion: not to change the goals of the
> current document.  But there are changes that I think are necessary (and
> thanks to Daniel and John for highlighting these).
>
> BTW, I've moved this to the TLS working group, because this is an active
> topic there and I don't see anything in my email that SAAG needs to concern
> itself with.
>

I think the reason John cc saag was that the request was more generic, that
is not only focused to TLS, but the current discussion is only TLS
focused.

>
> On Fri, Sep 27, 2019, at 01:00, Daniel Migault wrote:
> > My understanding of deprecating of TLS1.0 TLS 1.1 is that:
> > a) new software do not use these versions
> > b) existing software stop supporting these versions.
>
> That differs from my perspective.
>
> When we release a new version of something, we are sending a message:
>
> 1. new implementations and deployments MUST include support for newer
> versions
> 2. existing implementations and deployments SHOULD be updated to support
> newer versions
>
> When we deprecate an old version of something, we are sending a message:
>
> 3. only use this old version if you absolutely have to
> 4. you are encouraged to take active measures to remove the need to use
> the old version
> 5. you have our support if you decide not to support this old version
>
> I agree that how it should be. That said, if everyone were adopting the
newest version, we would probably do not even need to deprecate oldest
versions which would be phased out by themselves. Forum or standard bodies
are good to define a direction for adopting new version and deprecating old
versions. However, outside these groups, updating a new version is seen as
deployment/development cost and as such, old version tends to remain until
it is explicitly deprecated.


> Now, "support" from the IETF is about as meaningful as you think it is.
> And you can s/MUST/really ought to/ and s/SHOULD/may wish to/ [RFC6919].


> In browser-land, we've decided to form a coalition when it comes to
> removing TLS 1.0/1.1.  3GPP have obviously got their own support group,
> which seems to be functioning effectively, which is great.
>
> > """The expectation is that TLSv1.2 will continue to be used for many
> > years alongside TLSv1.3."""
>
> Some people have that expectation, but I think that John is right to
> challenge it.  There remain reasons that people are sticking with 1.2 for
> now, but those reasons are mostly to do with allowing time to flush out the
> vestiges of a dependency on some of the TLS 1.2 idiosyncrasies.
>
> I believe that for a significant number of deployed software the reason to
stick to TLS 1.2 is that it works with TLS 1.2,  TLS 1.2 is not deprecated
and still supported (=not deprecated). However I would be happy to be
wrong.


> I would advocate for removing this statement and any residue of that
> sentiment from the draft.  It's speculation and, even if it were true, it
> conveys the wrong message.  The only message I would include is that one
> that is further down the document: "Any newer version of TLS is more secure
> than TLSv1.1."
>
> The opposite would be surprising, but I do understand your point. We could
remain focus on the deprecation, not the adoption of the newest version. My
motivation for explicitly push for TLS 1.3 was to remind your point 1) and
2). I think that would be useful to have these point in one way or another,
but that is only my opinion.

> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email