IETF Logo Mail Archive

Re: [Uta] Any thoughts on draft-rsalz-uta-require-tls13 ?

"Salz, Rich" <rsalz@akamai.com> Wed, 20 March 2024 16:13 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BB2AC14F6B3; Wed, 20 Mar 2024 09:13:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.994
X-Spam-Level:
X-Spam-Status: No, score=-6.994 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vCBkALaMbSSs; Wed, 20 Mar 2024 09:13:13 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA1BEC14F6A1; Wed, 20 Mar 2024 09:13:12 -0700 (PDT)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42K6C2Wo014892; Wed, 20 Mar 2024 16:13:11 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=jan2016.eng; bh=w3kIYsDaGLuBi02ElM qn1ydfjENmCv9Hk/obESpeqgc=; b=AIrAvqR2gkgxMj38T7XeR8fNKrGSAthzra I+XsEN37OsQu6TJ5G68VRVsrFGwtt4ogu87rJq38d9JkKadXfjpI9I/yk5M5FV8O A4X1RIn40NJDfDyTxQ4FAU+lHNKZTYVZDhbRgsYKTxvndVbtg1CHndOf7cIDFR0W 2iGER6x2PYpK1X8OJ1l2IUq2zf0ORz0i0uEuFAXL/W0vYn95sZPtcDpNvascx6G5 MeyP4aa5amoMEPJnuUUKyP1j4TekVDVwwgezXmnceAIsomOs2nlo3QzE04omWEOX fIgiXEyMaaUVDNrbYocjBvhFAOjIK9GAk+Ru6SNrYDC9Xvr2N/wg==
Received: from prod-mail-ppoint4 (a72-247-45-32.deploy.static.akamaitechnologies.com [72.247.45.32] (may be forged)) by mx0b-00190b01.pphosted.com (PPS) with ESMTPS id 3wxr1w1n1b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 Mar 2024 16:13:10 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.17.1.19/8.17.1.19) with ESMTP id 42KEQVsO013316; Wed, 20 Mar 2024 12:12:51 -0400
Received: from email.msg.corp.akamai.com ([172.27.50.202]) by prod-mail-ppoint4.akamai.com (PPS) with ESMTPS id 3ww6rxa3sd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 Mar 2024 12:12:51 -0400
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb3.msg.corp.akamai.com (172.27.50.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Wed, 20 Mar 2024 09:12:50 -0700
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1258.028; Wed, 20 Mar 2024 09:12:50 -0700
From: "Salz, Rich" <rsalz@akamai.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Orie Steele <orie@transmute.industries>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: "uta@ietf.org" <uta@ietf.org>
Thread-Topic: [Uta] Any thoughts on draft-rsalz-uta-require-tls13 ?
Thread-Index: AQHaKGAxILGNPAqQ/EynSFcha8G1sLCcecwAgKTbJ2eAAE99AA==
Date: Wed, 20 Mar 2024 16:12:50 +0000
Message-ID: <C9B0DBDD-5710-4161-9B5E-2984B2E12541@akamai.com>
References: <0F3679CA-6FE8-491E-AF4F-303D39ADCCC1@akamai.com> <CAN8C-_L=P=kkYj3ChqWOm5OXk4rdXjFXWPLTNPJ8Mc+SsbV2MA@mail.gmail.com> <GVXPR07MB96789FF74C839D00549DCF7F89332@GVXPR07MB9678.eurprd07.prod.outlook.com>
In-Reply-To: <GVXPR07MB96789FF74C839D00549DCF7F89332@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.81.24012814
x-originating-ip: [172.27.118.139]
Content-Type: multipart/alternative; boundary="_000_C9B0DBDD571041619B5E2984B2E12541akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-20_10,2024-03-18_03,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 spamscore=0 bulkscore=0 suspectscore=0 mlxlogscore=999 malwarescore=0 phishscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2403140000 definitions=main-2403200128
X-Proofpoint-ORIG-GUID: 3XkfhbVMpUGBuU4i-RBtf6y1d1buM_6r
X-Proofpoint-GUID: 3XkfhbVMpUGBuU4i-RBtf6y1d1buM_6r
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-20_10,2024-03-18_03,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 mlxlogscore=999 priorityscore=1501 suspectscore=0 malwarescore=0 lowpriorityscore=0 adultscore=0 clxscore=1011 mlxscore=0 spamscore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2403140001 definitions=main-2403200130
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/kFn2j7buK8cJR8HZyFQMb0uw23w>
Subject: Re: [Uta] Any thoughts on draft-rsalz-uta-require-tls13 ?
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 16:13:17 -0000

Thanks for the feedback John.  It all seems reasonable (but then again it’s 2am :). I’ll open issues on them shortly.


From: Uta <uta-bounces@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Date: Thursday, March 21, 2024 at 12:30 AM
To: Orie Steele <orie@transmute.industries>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "uta@ietf.org" <uta@ietf.org>
Subject: Re: [Uta] Any thoughts on draft-rsalz-uta-require-tls13 ?

Hi,

I think this should be published asap. A BCP would be even better.

IETF is as usual late:
- NIST requires support TLS 1.3 since 1 Jan 2024. Not just in new deployments but everywhere.
- 3GPP requires TLS 1.3 everywhere in the core network since the first 5G specification (Rel-15, 2018).

- "New Protocols"
I think this should be "new RFCs". Publishing bis versions of old protocols should also require TLS 1.3.

- "TLS 1.2 is in widespread use and can be configured such that it provides good security properties."

This is correct but gives the wrong picture of existing deployments. It is not uncommon with very badly configured and unsecure TLS 1.2.

- "While application layer traffic is always encrypted"

Not uncommon that TLS 1.2 deployments supports NULL encryption.

- "This deficiency may be addressed through proper configuration"

Only if you have a modern TLS 1.2 implementation. An old TLS 1.2 implementation cannot be configured to be secure as it lacks AEAD, extended master secret, and might lack ECDHE, etc.

- "Rather, some extensions are required to provide security."

Also cipher suites with ECDHE and AEAD.

Cheers,
John Preuß Mattsson

From: Uta <uta-bounces@ietf.org> on behalf of Orie Steele <orie@transmute.industries>
Date: Thursday, 7 December 2023 at 03:01
To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Cc: uta@ietf.org <uta@ietf.org>
Subject: Re: [Uta] Any thoughts on draft-rsalz-uta-require-tls13 ?
(chair hat off)

I read the draft, it looks good to me.

OS

On Wed, Dec 6, 2023 at 10:21 AM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org<mailto:40akamai.com@dmarc.ietf.org>> wrote:
The draft is at https://datatracker.ietf.org/doc/draft-rsalz-uta-require-tls13/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-rsalz-uta-require-tls13/__;!!GjvTz_vk!Qe03CEOyVLnYCrPyB_8NNFOMiy6x9g_d23BSYN6SDXCMKKoOU556fHcht9T7f5QPVgu7F6Nf2JO8jYrEAvTRIxjczsrn$> and it’s maintained on GitHub at https://github.com/richsalz/tls12-frozen<https://urldefense.com/v3/__https:/protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-e5e4ba8e3be0422f&q=1&e=88a0ecda-2aaf-4740-a49a-66e650c06005&u=https*3A*2F*2Fgithub.com*2Frichsalz*2Ftls12-frozen__;JSUlJSU!!GjvTz_vk!Qe03CEOyVLnYCrPyB_8NNFOMiy6x9g_d23BSYN6SDXCMKKoOU556fHcht9T7f5QPVgu7F6Nf2JO8jYrEAvTRIyMVui-H$>  There are two documents in that repo.

The draft updates RFC 9325 in the following way:
Any new protocol that uses TLS MUST specify as its default TLS 1.3 (or a higher TLS version, when one becomes stadardized). For example, QUIC [QUICTLS<https://urldefense.com/v3/__https:/protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-4172a38ca4bb7e3b&q=1&e=88a0ecda-2aaf-4740-a49a-66e650c06005&u=https*3A*2F*2Frichsalz.github.io*2Ftls12-frozen*2Fdraft-rsalz-uta-require-tls13.html*23QUICTLS__;JSUlJSUl!!GjvTz_vk!Qe03CEOyVLnYCrPyB_8NNFOMiy6x9g_d23BSYN6SDXCMKKoOU556fHcht9T7f5QPVgu7F6Nf2JO8jYrEAvTRI3HUyh5y$>] requires TLS 1.3 and specifies that endpoints MUST terminate the connection if an older version is used.

If deployment considerations are a concern, the protocol MAY specify TLS 1.2 as an additional, non-default option. As a counter example, the Usage Profile for DNS over TLS [DNSTLS<https://urldefense.com/v3/__https:/protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-731d02a3479eb30f&q=1&e=88a0ecda-2aaf-4740-a49a-66e650c06005&u=https*3A*2F*2Frichsalz.github.io*2Ftls12-frozen*2Fdraft-rsalz-uta-require-tls13.html*23DNSTLS__;JSUlJSUl!!GjvTz_vk!Qe03CEOyVLnYCrPyB_8NNFOMiy6x9g_d23BSYN6SDXCMKKoOU556fHcht9T7f5QPVgu7F6Nf2JO8jYrEAvTRI-G3w6ks$>] specifies TLS 1.2 as the default, while also allowing TLS 1.3. For newer specifications that choose to support TLS 1.2, those preferences are to be reversed.

One motivation is that TLS is in a call for adoption of a “TLS 1.2 is frozen” draft which specifies that no new features, in particular *post-quantum crypto* will not be added to TLS 1.2. As PQC is now a hot topic, it might be worth firming up the advice to applications.

_______________________________________________
Uta mailing list
Uta@ietf.org<mailto:Uta@ietf.org>
https://www.ietf.org/mailman/listinfo/uta<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/uta__;!!GjvTz_vk!Qe03CEOyVLnYCrPyB_8NNFOMiy6x9g_d23BSYN6SDXCMKKoOU556fHcht9T7f5QPVgu7F6Nf2JO8jYrEAvTRI5FeRWE4$>


--



ORIE STEELE
Chief Technology Officer
www.transmute.industries<https://urldefense.com/v3/__https:/protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-a7ff2eb208872658&q=1&e=88a0ecda-2aaf-4740-a49a-66e650c06005&u=http*3A*2F*2Fwww.transmute.industries*2F__;JSUlJQ!!GjvTz_vk!Qe03CEOyVLnYCrPyB_8NNFOMiy6x9g_d23BSYN6SDXCMKKoOU556fHcht9T7f5QPVgu7F6Nf2JO8jYrEAvTRI94V4SnE$>

[Image removed by sender.]<https://urldefense.com/v3/__https:/protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-833883293856debb&q=1&e=88a0ecda-2aaf-4740-a49a-66e650c06005&u=https*3A*2F*2Ftransmute.industries*2F__;JSUlJQ!!GjvTz_vk!Qe03CEOyVLnYCrPyB_8NNFOMiy6x9g_d23BSYN6SDXCMKKoOU556fHcht9T7f5QPVgu7F6Nf2JO8jYrEAvTRI0J_p3iq$>

v2.23.0 | Report a Bug | By Email