Re: [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

Peter Saint-Andre <stpeter@stpeter.im> Thu, 14 July 2022 00:20 UTC

To: "Salz, Rich" <rsalz@akamai.com>, Rob Sayre <sayrer@gmail.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-uta-rfc7525bis.all@ietf.org" <draft-ietf-uta-rfc7525bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "uta@ietf.org" <uta@ietf.org>
References: <165766858084.5251.12485129434316295805@ietfa.amsl.com> <b24e2934-200f-4f80-5261-aa2a977da39b@stpeter.im> <CAChr6Syq+uOTJsvqWuSustq_HdTaXCtDepyCuRWx+jGoEB06Fw@mail.gmail.com> <CAChr6SzkAmbjGK4XOwPkSwssLoG4NW1yG-6b2aFdFr43yF2zwQ@mail.gmail.com> <c516d0e4-f477-a4fb-2638-3615434f48f2@stpeter.im> <CAChr6SwgwknvgAycr6s=6tCRQZoZdiJxRXJpoTejEcW7g+bv=A@mail.gmail.com> <359BC9EA-FB6D-49E8-8CA6-AA395114838B@akamai.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <359BC9EA-FB6D-49E8-8CA6-AA395114838B@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/kD904GP7e4QC2XMRe-JhV9BF6zM>

On 7/13/22 3:00 PM, Salz, Rich wrote:
>   * It is definitely the "BCP" already--there are good reasons not to
>     support TLS 1.2 on a server, and good reasons for clients not to
>     connect to a server that negotiates it.
> 
> What are they?

Good question.

This document has been through two WGLCs and IETF Last Call, and is now 
in IESG review. It seems somewhat late in the process to be making a 
controversial change like deprecating TLS 1.2 *in this document* given 
that as far as I can see there is no IETF consensus to do so (e.g., such 
a consensus could be established by publishing an RFC that declares TLS 
1.2 to be obsolete, as RFC 8996 did for TLS 1.0 and TLS 1.1). IMHO we 
could take this step whenever we publish rfc7525ter (the document that 
obsoletes draft-ietf-uta-rfc7525bis, whenever that happens).

Peter