Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

Keith Moore <moore@network-heretics.com> Fri, 01 May 2020 02:59 UTC

To: uta@ietf.org
References: <004801d61bae$08a61590$19f240b0$@smyslov.net>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <dfe39508-b37a-f008-91d3-cb36bcb84ae1@network-heretics.com>
Date: Thu, 30 Apr 2020 22:59:06 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/ZTSxCE1q5Qi4qfREMU-qApBzI24>

IMO RFC7525 and this new draft both suffer from dubious assumptions and 
make poor recommendations because of those assumptions.  In particular, 
there are many cases for which using an old version of TLS is suboptimal 
and it shouldn't be considered as secure, but it may still be better 
than deprecating old versions of TLS that might be the only ones 
supported by the peer.

People do not always have the luxury of upgrading their clients and 
servers to versions that support the recent TLS.  Some legacy hardware 
has firmware that cannot be upgraded because no upgrades are 
available.  Service providers do not always have the leverage to insist 
that their customers upgrade, or the luxury of abandoning customers, etc.

I therefore find it difficult to make good advice of the form "don't use 
TLS version x.y" that is appropriate across all applications and all 
usage scenarios.   Again, there's an important difference between "don't 
use TLS x.y" and "don't consider TLS x.y secure".

I also think it's odd that there are recommendations like this that say 
"don't support TLS x.y" but say nothing about not supporting cleartext 
for protocols that still have a cleartext mode.   Even SSL 1.0 is 
probably better than cleartext (at least from a security perspective, if 
not from a support burden perspective) as long as it's not trusted to be 
secure.

So in summary, either I don't support adoption of this draft, or I 
support adoption of this draft only to the extent that it can be 
significantly changed.

Keith

On 4/26/20 5:35 AM, Valery Smyslov wrote:
> Hi,
>
> during the last virtual interim meeting the draft
> draft-sheffer-uta-bcp195bis-00 was presented and the authors asked for its
> adoption.
> The general feeling in the room was in favor of the adoption, however
> the authors were asked to rename it to *-rfc7525-bis.
> The authors have renamed the draft and asked the chairs for its adoption.
> Since our responsible AD agrees that this work is within the charter
> of the WG, the chairs are issuing a formal call for adoption
> to confirm the results we had at the meeting.
>
> This message starts a two-week call for adoption of the
> draft-sheffer-uta-rfc7525bis-00 draft.
> The call will end on 10 May 2020. Please send your opinions to the list
> before this date.
>
> Please if possible include any reasons supporting your opinion. If you
> support this adoption,
> please indicate whether you are ready to review this draft if it becomes a
> WG document.
>
> Regards,
> Leif & Valery.