Re: [Uta] Proposed draft
Sean Turner <sean@sn3rd.com> Sat, 06 October 2018 01:53 UTC
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CAOp4FwT5RXsed9w_P67VNqroHObMVA8=sdu0MJjJg7F4V2bXpw@mail.gmail.com>
Date: Fri, 05 Oct 2018 21:53:11 -0400
Cc: uta@ietf.org
Message-Id: <B47EC482-BE7B-4C4C-B37B-57FF8EE52436@sn3rd.com>
References: <CAOp4FwTiBEShDSn6OnSQhZSFu+ED3GHBXQhXqz-nZmn_d5doQg@mail.gmail.com> <CAOp4FwT5RXsed9w_P67VNqroHObMVA8=sdu0MJjJg7F4V2bXpw@mail.gmail.com>
To: Loganaden Velvindron <loganaden@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/LJLOs-FbZEsB93jHenlnbTkXF68>
Subject: Re: [Uta] Proposed draft
Mostly just nits/style comments assuming that this moves as fast as ID.tls-oldversions-deprecate.

0) Add updates header “Updates: RFC8314”

1) Title

TLS is now in the RFC editor’s abbreviations list so the title can now be:

  Use of TLS for Email Submission and Access

1) Introduction

r/recommended for/recommended version for

r/draft-ietf-tls-oldversions-deprecate/[ID.tls-oldversions-deprecate]

and add normative reference to:

  [ID.tls-oldversions-deprecate] Moriarty, Farrell

2) If I were doing this I would do an OLD/NEW style as below. For the shorter changes, you don’t need it, but for the s5 and s5.1 changes I was like what on earth are they changing. E.g.:

Table of Contents

OLD:

  4.1. Deprecation of Services Using Cleartext and TLS Versions Less Than 1.1

NEW:

  4.1. Deprecation of Services Using Cleartext and TLS Versions Less Than 1.2

Section 4

OLD:

  As soon as practicable, MSPs currently supporting Secure Sockets Layer (SSL) 2.x, SSL 3.0, or TLS 1.0 SHOULD transition their users to TLS 1.1 or later and discontinue support for those earlier versions of SSL and TLS.

NEW:

  As soon as practicable, MSPs currently supporting Secure Sockets Layer (SSL) 2.x, SSL 3.0, or TLS 1.0 SHOULD transition their users to TLS 1.2 or later and discontinue support for those earlier versions of SSL and TLS.

etc.

3) s5 changes

I’d just change the sentences:

OLD:

  If, however, an MUA provides such an indication, it MUST NOT indicate confidentiality for any connection that does not at least use TLS 1.1 with certificate verification and also meet the minimum confidentiality requirements associated with that account.

NEW:

  If, however, an MUA provides such an indication, it MUST NOT indicate confidentiality for any connection that does not at least use TLS 1.2 with certificate verification and also meet the minimum confidentiality requirements associated with that account.

4) Terminology Section

Since you do have 2119 language and you want to avoid the ID-nits you probably need a “Terminology Section” with the following text:

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

5) A little love for tls1.3

So like we published 1.3 so it can’t hurt to add the reference:

r/MUAs MUST implement TLS 1.2 [RFC5246] or later/MUAs MUST implement TLS 1.2 [RFC5246] or later, e.g., TLS 1.3 [RFC8446]

6) References

Since you’re downgrading 1.1 should we move it to an informative reference? Again to avoid ID-nits I guess add 1.1 as an informative and TLS 1.2 and 1.3 as normative?

7) Sec Cons

I’d probably add something like see [ID.tls-oldversions-deprecate] for why 1.1 is being deprecated.

spt

> On Oct 2, 2018, at 06:24, Loganaden Velvindron <loganaden@gmail.com> wrote:
>
> On Fri, Sep 21, 2018 at 3:12 PM Loganaden Velvindron <loganaden@gmail.com> wrote:
>>
>> Dear UTA folks,
>>
>> Please find the link here
>> (https://www.ietf.org/id/draft-lvelvindron-tls-for-email-00.txt) for
>> the draft for Switching the minimum requirement for TLS in mail from
>> TLS 1.1 to TLS 1.2. This is inline with what is happening here:
>> https://github.com/tlswg/oldversions-deprecate/blob/master/draft-ietf-tls-oldversions-deprecate.txt
>> where TLS 1.0 and TLS 1.1 are deprecated.
>>
>> Feedback welcome.
>>
>
> ping.
>
>> Kind regards,
>> //Logan
>> C-x-C-c
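As an added example that is not part of this thread or of the draft, the following Python shows how an MUA could enforce the proposed Section 4 floor and the s5 indicator rule (TLS 1.2 or later, certificate verified, account minimum met) in client code; the function names are my own.

```python
import ssl

# Protocol names as returned by ssl.SSLSocket.version(), ranked oldest to newest.
# Everything below TLS 1.2 fails the proposed "at least TLS 1.2" rule.
_VERSION_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2,
                 "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}
_MINIMUM = _VERSION_RANK["TLSv1.2"]


def version_meets_minimum(version):
    """True only for TLS 1.2 and TLS 1.3; unknown names are treated as failing."""
    return _VERSION_RANK.get(version, -1) >= _MINIMUM


def may_indicate_confidentiality(version, cert_verified, account_minimum_met):
    """Proposed s5 rule: an MUA MUST NOT show a confidentiality indicator
    unless the connection uses TLS >= 1.2, the server certificate was
    verified, and the account's minimum confidentiality requirements hold."""
    return (version_meets_minimum(version)
            and bool(cert_verified)
            and bool(account_minimum_met))


def mua_client_context():
    """Client SSLContext that makes the handshake itself refuse SSLv3,
    TLS 1.0 and TLS 1.1 and require a verified certificate, so a weak
    connection never reaches the indicator decision above."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # floor from the proposed Section 4 text
    return ctx


def context_is_hardened(ctx):
    """Check a context against the same three properties (used by the test)."""
    return (ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname is True)


if __name__ == "__main__":
    # Constructed sample outcomes of an IMAP/Submission handshake, not real connections.
    for v, verified in (("TLSv1.1", True), ("TLSv1.2", False), ("TLSv1.3", True)):
        print(v, verified, "->", may_indicate_confidentiality(v, verified, True))
```

A connection that passes `mua_client_context()` will report `TLSv1.2` or `TLSv1.3` from `sock.version()`, so the decision reduces to the account-specific minimum.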