Re: [Uta] [Last-Call] Artart last call review of draft-ietf-uta-rfc7525bis-09

Rob Sayre <sayrer@gmail.com> Fri, 15 July 2022 17:31 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Fri, 15 Jul 2022 10:30:55 -0700
Message-ID: <CAChr6SzVctA76H5wjjYEbAvSJkb6oag6r=vBs9sXimEZ4EGW8g@mail.gmail.com>
In-Reply-To: <165728991008.45773.10659091812976572509@ietfa.amsl.com>
To: Cullen Jennings <fluffy@iii.ca>
Cc: ART Area <art@ietf.org>, draft-ietf-uta-rfc7525bis.all@ietf.org, last-call@ietf.org, uta@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/zipKojk0ATdVYTIpUG12rSeRhdI>

On Fri, Jul 8, 2022 at 7:19 AM Cullen Jennings via Datatracker <noreply@ietf.org> wrote:

> I don't think BCP is the appropriate status for this. I think it should be
> PS. It explicitly says that it is not trying to change existent advice in
> existing RFCs and these will need other RFCs to "modernize" them. I note that
> www.google.com, www.apple.com, www.mozilla.org all offer TLS 1.0 and 1.1 when
> I checked from Vancouver on July 8.

Some of these sites don't require TLS at all (Google Search doesn't), so I
think supporting older TLS versions makes sense in that case.

I think a lot of them choose to answer every request for public data over
any TLS version or unencrypted connections.

As time goes on, more big public sites redirect all "http" requests to
"https", but still do not care which version the client is using. After
all, they were answering over HTTP before.

> I see no evidence of any discussion of how that will work out for things
> that use HTTP but are not browsers.


There just aren't that many implementations on the client side. Not only do
you have to implement all of the HTTP versions and TLS, but you have to
maintain all of the PKI stuff as well. Obviously, people do it, but they
are not the ones that need to read this document.

If the TLS library is not one also used by the OS and a browser (NSS,
SecureTransport, etc.), it's probably OpenSSL. I don't think this is an
oversight in the document.

thanks,
Rob
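The point above about non-browser HTTP clients is where the document's version floor actually has to be applied by hand: a browser or OS stack ships with TLS 1.0/1.1 already disabled, while an OpenSSL-backed client gets whatever the library's compiled-in defaults are. The following is an added example, not code from the thread, the draft, or any particular client library; it assumes the "TLS 1.2 or later" floor the draft recommends and uses Python's standard `ssl` module as a stand-in for a generic OpenSSL-backed client. It builds a client context with that floor, audits a context against it, and shows how to hand the context to `urllib` so every request inherits it. The `weak_context_for_comparison` function is a constructed counter-example for the audit, not a description of any real site or client.

```python
import ssl
import urllib.request


# The floor this example enforces (assumption: the draft's "TLS 1.2 or later"
# guidance; this constant is the example's own, not from the draft or thread).
MINIMUM_ALLOWED = ssl.TLSVersion.TLSv1_2


def make_client_context() -> ssl.SSLContext:
    """Build a client SSLContext that refuses TLS 1.0/1.1 and verifies peers.

    PROTOCOL_TLS_CLIENT already turns on hostname checking and certificate
    verification; the version floor is what a non-browser client must add
    itself, because the library's compiled-in default is usually lower.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = MINIMUM_ALLOWED
    ctx.load_default_certs()  # system trust store; no network access
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings where ctx falls short of the floor.

    An empty list means the context is acceptable for a public HTTPS client.
    """
    findings = []
    if ctx.minimum_version < MINIMUM_ALLOWED:
        findings.append(
            f"minimum TLS version is {ctx.minimum_version.name}, below TLS 1.2"
        )
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification is not required")
    if not ctx.check_hostname:
        findings.append("hostname checking is disabled")
    if not (ctx.options & ssl.OP_NO_COMPRESSION):
        findings.append("TLS compression is still enabled")
    return findings


def make_opener(ctx: ssl.SSLContext) -> urllib.request.OpenerDirector:
    """An urllib opener bound to ctx, so every https:// request uses the floor."""
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))


def weak_context_for_comparison() -> ssl.SSLContext:
    """Constructed counter-example: a context with no version floor and
    verification switched off, the shape a hastily written client ends up with."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False  # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for label, ctx in (("hardened", make_client_context()),
                       ("weak", weak_context_for_comparison())):
        problems = audit_context(ctx)
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
    # make_opener(make_client_context()).open("https://example.com/") would
    # then fail the handshake against a server limited to TLS 1.0/1.1.
```

Running the module prints `hardened: OK` and a three-item finding list for the weak context. The audit is intentionally about the client's own configuration rather than about what any server offers: a client that sets its floor is unaffected by a public site continuing to accept TLS 1.0/1.1 from older peers, which is the situation described in the thread.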