Re: [TLS] prohibit <1.2 on clients (but allow servers) (was: prohibit <1.2 support on 1.3+ servers (but allow clients))

Xiaoyin Liu <xiaoyin.l@outlook.com> Fri, 22 May 2015 13:16 UTC

From: Xiaoyin Liu <xiaoyin.l@outlook.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Fri, 22 May 2015 09:16:37 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/zSEe1bWWRD6rr1RyXc_t16Wa4r4>

From: pgut001@cs.auckland.ac.nz
To: xiaoyin.l@outlook.com; azet@azet.org; davemgarrett@gmail.com
CC: tls@ietf.org
Subject: RE: [TLS] prohibit <1.2 on clients (but allow servers) (was: prohibit <1.2 support on 1.3+ servers (but allow clients))
Date: Fri, 22 May 2015 12:30:49 +0000

>So if some sort of BCP is published, it should explicitly target browsers and
>web servers where this kind of upgrade/change is possible.  Telling people to
>throw away their PLCs and replace them with new ones isn't going to fly.

Agreed!

Xiaoyin