Re: [Uta] [Last-Call] Artart last call review of draft-ietf-uta-rfc7525bis-09
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 14 July 2022 19:32 UTC
Date: Thu, 14 Jul 2022 15:31:36 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: uta@ietf.org, last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/v88guhBo_Zg-ZFmMPKv8y3DY6EA>

On Sat, Jul 09, 2022 at 02:30:03PM -0600, Cullen Jennings wrote:

> and there is a section labeled "TLS, old and new" which has a table that lists TLS 1.1 at zero.
>
> It also references a more specific file at https://crawler.ninja/files/protocols.txt which currently has the following in that file
>
> TLS Protocol Versions:
> TLSv1.3 386,472
> TLSv1.2 179,549
> TLSv1.0 515

There's a difference between offering TLS 1.1 and actually in practice
*negotiating* TLS 1.1. For various timing reasons, many systems gained
support (via e.g. OpenSSL) for both TLS 1.1 and TLS 1.2 in the same
software release. As a result, such a software stack will in practice
always negotiate TLS 1.2. You have to go out of your way to elicit a
TLS 1.1 handshake from these systems.

> Again implying 1.1 is at 0. If this is supposed to represent the
> number of sites that offer 1.1, out of the top million, well, I think
> it wrong. I also don’t think what web sites are offering a given
> version is a very great metric to estimate what non browsers TLS
> client applications are using but that is a different issue.

Again, offer != negotiate. Here's an example:

    $ posttls-finger -c -Lsummary -l secure -F /etc/ssl/cert.pem -p TLSv1.1 "[smtp.gmail.com]:587"
    posttls-finger: Verified TLS connection established to smtp.gmail.com[142.251.16.108]:587: TLSv1.1 with cipher ECDHE-ECDSA-AES128-SHA (128/128 bits)

which is far from saying that "smtp.gmail.com" will routinely negotiate
TLS 1.1 when not constrained to a ceiling of 1.1. Measurements of the
*maximum* supported version very rarely encounter TLS 1.1.

--
    Viktor.
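
The offer-versus-negotiate distinction from the message above, as an added example that is not part of the original e-mail: a simplified model of TLS version selection (highest version enabled on both sides) run over a constructed server fleet. The host names, the fleet and all function names are assumptions made for illustration.

```python
from collections import Counter

# Protocol versions in ascending order of preference.
VERSIONS = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
RANK = {v: i for i, v in enumerate(VERSIONS)}

# Constructed sample fleet (not measured data): host -> enabled versions.
SERVERS = {
    "legacy.example": {"TLSv1.0"},
    "mail.example":   {"TLSv1.0", "TLSv1.1", "TLSv1.2"},
    "www.example":    {"TLSv1.1", "TLSv1.2", "TLSv1.3"},
    "api.example":    {"TLSv1.2", "TLSv1.3"},
    "strict.example": {"TLSv1.3"},
}


def negotiate(server_versions, client_versions):
    """Simplified model: pick the highest version both sides enable."""
    common = server_versions & client_versions
    return max(common, key=RANK.__getitem__) if common else None


def client_with_ceiling(ceiling):
    """Client that enables every version up to and including `ceiling`."""
    return {v for v in VERSIONS if RANK[v] <= RANK[ceiling]}


def negotiated_histogram(servers, client_versions):
    """What a survey records when it logs only the negotiated version."""
    return Counter(negotiate(sv, client_versions) for sv in servers.values())


def offered_at_ceiling(servers, ceiling):
    """Servers that complete a handshake at `ceiling` when the client is capped there."""
    client = client_with_ceiling(ceiling)
    return sum(negotiate(sv, client) == ceiling for sv in servers.values())


if __name__ == "__main__":
    modern = set(VERSIONS)  # unconstrained client
    hist = negotiated_histogram(SERVERS, modern)
    for v in reversed(VERSIONS):
        print(f"{v}: negotiated={hist[v]} "
              f"offered_at_ceiling={offered_at_ceiling(SERVERS, v)}")
```

In this fleet two servers accept TLS 1.1 when the client is capped there, yet the negotiated-version histogram for an unconstrained client shows none, which is the shape of the crawler table quoted above.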