Re: [Uta] FW: New Version Notification for draft-rsalz-uta-require-tls13-00.txt

Peter Saint-Andre <stpeter@stpeter.im> Thu, 05 October 2023 23:21 UTC

Message-ID: <ddd99c92-16c1-414f-bf38-a4c548a3f7aa@stpeter.im>
Date: Thu, 05 Oct 2023 17:21:41 -0600
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "uta@ietf.org" <uta@ietf.org>
Cc: Nimrod Aviram <nimrod.aviram@gmail.com>
References: <169653461006.25909.8581177979870745078@ietfa.amsl.com> <7AC2CDBE-DDC5-4384-A087-04976807A801@akamai.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <7AC2CDBE-DDC5-4384-A087-04976807A801@akamai.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/jkj0nSxHybzX0KrDwYxgfYvxfAg>
Subject: Re: [Uta] FW: New Version Notification for draft-rsalz-uta-require-tls13-00.txt

Hi Rich,

OK, now I'm commenting on the appropriate document:

On 10/5/23 1:42 PM, Salz, Rich wrote:

> Name: draft-rsalz-uta-require-tls13
> Revision: 00
> Title: New Protocols Must Require TLS 1.3

RFC 9325 / BCP 195 states:

    *  New transport protocols that integrate the TLS/DTLS handshake
       protocol and/or record layer MUST use only TLS/DTLS 1.3 (for
       instance, QUIC [RFC9001] took this approach).  New application
       protocols that employ TLS/DTLS for channel or session encryption
       MUST integrate with both TLS/DTLS versions 1.2 and 1.3;
       nevertheless, in rare cases where broad interoperability is not a
       concern, application protocol designers MAY choose to forego TLS
       1.2.

       Rationale: Secure deployment of TLS 1.3 is significantly easier
       and less error prone than secure deployment of TLS 1.2.  When
       designing a new secure transport protocol such as QUIC, there is
       no reason to support TLS 1.2.  By contrast, new application
       protocols that reuse TLS need to support both TLS 1.3 and TLS 1.2
       in order to take advantage of underlying library or operating
       system support for both versions.

That text was carefully crafted here in the UTA WG and became IETF consensus as of ~1 year ago.

IMHO any document that modifies the consensus can't be informational and must instead update RFC 9325 and become part of BCP 195.

Further, such a document should indicate precisely how it has modified the consensus in RFC 9325, which draft-rsalz-uta-require-tls13 doesn't yet do.

Peter
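As an added illustration (not part of Peter's message, RFC 9325, or the draft), the two RFC 9325 rules quoted above can be expressed as version floors on a Python `ssl.SSLContext` and then audited; the protocol-kind names "transport" and "application" are assumptions made for this example.

```python
import ssl

# Version floors implied by the RFC 9325 text quoted above. The kind names
# "transport" and "application" are assumptions made for this example.
RFC9325_FLOOR = {
    "transport": ssl.TLSVersion.TLSv1_3,    # integrates handshake/record layer: 1.3 only
    "application": ssl.TLSVersion.TLSv1_2,  # reuses TLS as a channel: 1.2 and 1.3
}


def build_context(kind: str, server_side: bool = False) -> ssl.SSLContext:
    """Create an SSLContext whose negotiable versions follow the rule for `kind`."""
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = RFC9325_FLOOR[kind]
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit_context(kind: str, ctx: ssl.SSLContext) -> list:
    """Return RFC 9325 findings for an existing context; an empty list means compliant."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    # Unset bounds mean "whatever the library allows"; map them to concrete versions.
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = ssl.TLSVersion.SSLv3
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ssl.TLSVersion.TLSv1_3
    findings = []
    if lo < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum version below TLS 1.2 (BCP 195 floor)")
    if kind == "transport" and lo < ssl.TLSVersion.TLSv1_3:
        findings.append("transport protocol allows TLS 1.2; MUST use only TLS 1.3")
    if kind == "application" and lo > ssl.TLSVersion.TLSv1_2:
        # RFC 9325 permits this only where broad interoperability is not a concern.
        findings.append("application protocol drops TLS 1.2; MUST support 1.2 and 1.3")
    if hi < ssl.TLSVersion.TLSv1_3:
        findings.append("TLS 1.3 is never offered")
    return findings


if __name__ == "__main__":
    for kind in RFC9325_FLOOR:
        print(kind, audit_context(kind, build_context(kind)))
```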