Re: [Uta] Proposed draft

Sean Turner <sean@sn3rd.com> Sat, 06 October 2018 01:53 UTC

From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CAOp4FwT5RXsed9w_P67VNqroHObMVA8=sdu0MJjJg7F4V2bXpw@mail.gmail.com>
Date: Fri, 05 Oct 2018 21:53:11 -0400
Cc: uta@ietf.org
Message-Id: <B47EC482-BE7B-4C4C-B37B-57FF8EE52436@sn3rd.com>
References: <CAOp4FwTiBEShDSn6OnSQhZSFu+ED3GHBXQhXqz-nZmn_d5doQg@mail.gmail.com> <CAOp4FwT5RXsed9w_P67VNqroHObMVA8=sdu0MJjJg7F4V2bXpw@mail.gmail.com>
To: Loganaden Velvindron <loganaden@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/LJLOs-FbZEsB93jHenlnbTkXF68>
Subject: Re: [Uta] Proposed draft
List-Id: UTA working group mailing list <uta.ietf.org>

Mostly just nits/style comments, assuming that this moves as fast as ID.tls-oldversions-deprecate.

0) Add updates header “Updates: RFC8314”

1) Title

TLS is now in the RFC editor’s abbreviations list so the title can now be:
    Use of TLS for Email Submission and Access

1) Introduction

r/recommended for/recommended version for

r/draft-ietf-tls-oldversions-deprecate/[ID.tls-oldversions-deprecate]
and add a normative reference to:
[ID.tls-oldversions-deprecate] Moriarty, Farrell

2) If I were doing this I would do an OLD/NEW style as below. For the shorter changes you don’t need it, but for the s5 and s5.1 changes I was like, what on earth are they changing. E.g.:

Table of Contents

OLD:

   4.1.  Deprecation of Services Using Cleartext and TLS Versions Less
   Than 1.1

NEW:

   4.1.  Deprecation of Services Using Cleartext and TLS
   Versions Less Than 1.2

Section 4

OLD:

   As soon as practicable, MSPs currently supporting Secure Sockets Layer (SSL)
   2.x, SSL 3.0, or TLS 1.0 SHOULD transition their users to TLS 1.1 or
   later and discontinue support for those earlier versions of SSL and
   TLS.

NEW:

   As soon as practicable, MSPs currently supporting Secure
   Sockets Layer (SSL) 2.x, SSL 3.0, or TLS 1.0 SHOULD transition their
   users to TLS 1.2 or later and discontinue support for those earlier
   versions of SSL and TLS.

etc.

3) s5 changes

I’d just change the sentences:

OLD:

   If, however, an MUA
   provides such an indication, it MUST NOT indicate confidentiality for
   any connection that does not at least use TLS 1.1 with certificate
   verification and also meet the minimum confidentiality requirements
   associated with that account.

NEW:

   If, however, an MUA
   provides such an indication, it MUST NOT indicate confidentiality for
   any connection that does not at least use TLS 1.2 with certificate
   verification and also meet the minimum confidentiality requirements
   associated with that account.

4) Terminology Section

Since you do have 2119 language and you want to avoid the ID-nits, you probably need a “Terminology” section with the following text:

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

5) A little love for tls1.3

So, like, we published 1.3, so it can’t hurt to add the reference:

r/MUAs MUST implement TLS 1.2 [RFC5246] or later/MUAs MUST
implement TLS 1.2 [RFC5246] or later, e.g., TLS 1.3 [RFC8446]

6) References

Since you’re downgrading 1.1, should we move it to an informative reference?

Again, to avoid ID-nits, I guess add 1.1 as informative and TLS 1.2 and 1.3 as normative?

7) Sec Cons

I’d probably add something like “see [ID.tls-oldversions-deprecate] for why 1.1 is being deprecated.”

spt


> On Oct 2, 2018, at 06:24, Loganaden Velvindron <loganaden@gmail.com> wrote:
> 
> On Fri, Sep 21, 2018 at 3:12 PM Loganaden Velvindron
> <loganaden@gmail.com> wrote:
>> 
>> Dear UTA folks,
>> 
>> Please find the link here
>> (https://www.ietf.org/id/draft-lvelvindron-tls-for-email-00.txt)  for
>> the draft for Switching the minimum requirement for TLS in mail from
>> TLS 1.1 to TLS 1.2. This is inline with what is happening here:
>> https://github.com/tlswg/oldversions-deprecate/blob/master/draft-ietf-tls-oldversions-deprecate.txt
>> where TLS 1.0 and TLS 1.1 are deprecated.
>> 
>> 
>> Feedback welcome.
>> 
> 
> ping.
> 
>> Kind regards,
>> //Logan
>> C-x-C-c
> 
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta