Re: [Uta] [Last-Call] Artart last call review of draft-ietf-uta-rfc7525bis-09

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

On Sat, Jul 09, 2022 at 02:30:03PM -0600, Cullen Jennings wrote:

> and there is a section labeled "TLS, old and new” which has a table that lists TLS 1.1 at zero. 
> 
> It also references a more specific file at  https://crawler.ninja/files/protocols.txt which currently has the following in that file
> 
> TLS Protocol Versions:
> TLSv1.3 386,472
> TLSv1.2 179,549
> TLSv1.0 515

There's a difference between offering TLS 1.1 and actually in practice
*negotiating* TLS 1.1.  For various timing reasons, many systems gained
support (via e.g. OpenSSL) for both TLS 1.1 and TLS 1.2 in the same
software release.  As a result, such a software stack will in practice
always negotiate TLS 1.2.  You have to go out of your way to elicit a
TLS 1.1 handshake from these systems.

> Again implying 1.1 is at 0. If this is supposed to represent the
> number of sites that offer 1.1, out of the top million, well, I think
> it wrong. I also don’t think what web sites are are offering a given
> version is a very great metric to estimate what non browsers TLS
> client applications are using but that is a different issue. 

Again, offer != negotiate.  Here's an example:

    $ posttls-finger -c -Lsummary -l secure -F /etc/ssl/cert.pem -p TLSv1.1 "[smtp.gmail.com]:587"
    posttls-finger: Verified TLS connection established to smtp.gmail.com[142.251.16.108]:587: TLSv1.1 with cipher ECDHE-ECDSA-AES128-SHA (128/128 bits)

which is far from saying that "smtp.gmail.com" will routinely negotiate
TLS 1.1 when not constrained to a ceiling of 1.1.  Measurements of the
*maximum* supported version very rarely encounter TLS 1.1.

-- 
    Viktor.