Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

Rob Sayre <sayrer@gmail.com> Mon, 18 July 2022 21:46 UTC

MIME-Version: 1.0
From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 18 Jul 2022 14:45:54 -0700
Message-ID: <CAChr6SzWuaOAw-djX0d=oUOWTnKm-WHZVLcnK=tCdise5uiq9A@mail.gmail.com>
To: uta@ietf.org, Martin Thomson <mt@lowentropy.net>
Content-Type: multipart/alternative; boundary="00000000000083e40505e41b4b9e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/3GjnYUjeSAm4hAloXIOuCfduE5w>
Subject: Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)
Precedence: list

Martin Thomson wrote:
> But I don't think that you can drop TLS 1.2 today without some care and
that approach is not really generally applicable.

I don't think this statement is true. For example, one could easily write
an iOS or Android app, and only communicate with big cloud providers or
CDNs [0]. I agree that TLS 1.2 support can be described, but it is not the
case that TLS1.3-only implementations [1] fail to follow best practices in
any meaningful way. The handshake and key schedule [2] are different, so it
can make sense to drop 1.2.

Maybe the question should be flipped. Why is supporting TLS 1.2 a best
practice? It's true that dropping support for any protocol version will
lead to problems with implementations that aren't actively maintained.
Surely the document could just say that?

thanks,
Rob

[0]
https://www.f5.com/labs/articles/threat-intelligence/the-2021-tls-telemetry-report
[1] https://github.com/facebookincubator/fizz
[2]
https://github.com/rustls/rustls/blob/52e053e48b44c9c7d50df56f1c23898f4cf26231/rustls/src/tls13/key_schedule.rs#L60

[Uta] Robert Wilton's Discuss on draft-ietf-uta-r… Robert Wilton via Datatracker
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Martin Thomson
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Thomas Fossati
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Martin Thomson
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Thomas Fossati
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Sayre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Thomas Fossati
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Peter Saint-Andre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Sayre
Re: [Uta] Robert Wilton's Discuss on draft-ietf-u… Rob Wilton (rwilton)