Re: [Uta] FW: New Version Notification for draft-rsalz-uta-require-tls13-00.txt

Peter Saint-Andre <stpeter@stpeter.im> Thu, 05 October 2023 21:26 UTC

Message-ID: <da190239-a02c-46ce-bf9b-24362d19ccdc@stpeter.im>
Date: Thu, 05 Oct 2023 15:26:02 -0600
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "uta@ietf.org" <uta@ietf.org>
Cc: Nimrod Aviram <nimrod.aviram@gmail.com>
References: <169653461006.25909.8581177979870745078@ietfa.amsl.com> <7AC2CDBE-DDC5-4384-A087-04976807A801@akamai.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <7AC2CDBE-DDC5-4384-A087-04976807A801@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/tqsrTdjB5mEE3xZ8lsVxul2TCIg>

Hi Rich,

Although the sentiment is laudable, it's not clear to me:

(1) Who the audience is for this document.

(2) Whether this document is really needed.

If the audience is IETF participants (especially those who could approve 
work items for adding features to TLS 1.2, such as the chairs of the TLS 
WG), then I'm not convinced we need this document. My reasoning is that 
such people (a) already know that it isn't wise to add new features to 
TLS 1.2 (cf. RFC 9325) and (b) don't need an informational RFC to help 
them justify a decision to deny work on new TLS 1.2 features.

If the audience is folks outside the IETF who might design new TLS 1.2 
features (who are these people or SDOs?), then working with them 1:1 
seems more productive than publishing an informational RFC.

tl;dr although I see no active harm in publishing a document like this, 
I also doubt the wisdom of spending WG/AD/IESG cycles on it.

Peter

On 10/5/23 1:42 PM, Salz, Rich wrote:
> Dear UTA WG,
> 
> We would like the WG to adopt this draft. Last IETF we presented https://datatracker.ietf.org/doc/draft-rsalz-tls-tls12-frozen/ to the TLS WG, and the suggestion was to split out the application-protocol parts and submit it to UTA. So here you go. The title says it all "New Protocols must require TLS 1.3". Existing protocols MAY use TLS 1.2 but should prefer 1.3.
> 
> There is some duplication between this doc and the other one, which we will address once both are adopted.
> 
> On 10/5/23, 3:36 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
> 
> 
> A new version of Internet-Draft draft-rsalz-uta-require-tls13-00.txt has been
> successfully submitted by Rich Salz and posted to the
> IETF repository.
> 
> 
> Name: draft-rsalz-uta-require-tls13
> Revision: 00
> Title: New Protocols Must Require TLS 1.3
> Date: 2023-10-05
> Group: Individual Submission
> Pages: 8
> URL: https://www.ietf.org/archive/id/draft-rsalz-uta-require-tls13-00.txt
> Status: https://datatracker.ietf.org/doc/draft-rsalz-uta-require-tls13/
> HTML: https://www.ietf.org/archive/id/draft-rsalz-uta-require-tls13-00.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-rsalz-uta-require-tls13
> 
> 
> 
> Abstract:
> 
> 
> TLS 1.2 is in widespread use and can be configured such that it
> provides good security properties. TLS 1.3 is also in widespread use
> and fixes some known deficiencies with TLS 1.2, such as removing
> error-prone cryptographic primitives and encrypting more of the
> traffic so that it is not readable by outsiders.
> 
> 
> Since TLS 1.3 use is widespread, new protocols must require and
> assume its existence. This prescription does not pertain to DTLS (in
> any DTLS version); it pertains to TLS only.
> 
> 
> The IETF Secretariat