Re: [TLS] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

[Kathleen Moriarty]

Hi Eliot,

Thanks for raising your concern.  I’ll note that I first started working on 
this because a well deployed library already had plans to drop support for 
versions 1.0 and 1.1 in their next release.  Customers that wanted those 
versions would have to use a prior library. This history may help.

Best regards,
Kathleen 

Sent from my mobile device

> On Nov 28, 2020, at 10:26 AM, Stephen Farrell  
> wrote:
> 
> 
> Hi Eliot,
> 
>> On 28/11/2020 10:45, Eliot Lear wrote:
>> Hi there IESG
>> I support the intent of this document, and I think the approach to
>> update the various documents listed is the right one.
> 
> Cool.
> 
>> Because of the breadth of documents updated, I wonder if at least
>> some implementation guidance is warranted, in order to assist
>> developers and even perhaps administrators.  Perhaps in some cases
>> these are compile-time or even run time options.  I’d suggest
>> guidance for common libraries, such as Microsoft .NET, OpenSSL,
>> GNUTLS, and WolfSSL. Better to give that guidance to get people to
>> TLS 1.3 rather than 1.2, of course.  Even informational references
>> would be fine, as assuredly some of this guidance exists.
> 
> Text welcomed of course, but I think it's mostly a case of
> doing the s/w update for the library and then either waiting
> 'till the library developer defaults to TLSv1.2 or better, or
> else various config file or API options that don't differ
> that much from library to library. I can check it out before
> we're done (again, text welcome if someone else wants to do
> that), but not sure it'll be that useful in the end TBH.
> (I'll get back when I get to doing that.)
> 
> Cheers,
> S.
> 
>> Thanks,
>> Eliot
 On 9 Nov 2020, at 23:26, The IESG  wrote:
>>> The IESG has received a request from the Transport Layer Security
>>> WG (tls) to consider the following document: - 'Deprecating TLSv1.0
>>> and TLSv1.1'  as Best
>>> Current Practice
>>> The IESG plans to make a decision in the next few weeks, and
>>> solicits final comments on this action. Please send substantive
>>> comments to the last-c...@ietf.org mailing lists by 2020-11-30.
>>> Exceptionally, comments may be sent to i...@ietf.org instead. In
>>> either case, please retain the beginning of the Subject line to
>>> allow automated sorting.
>>> Abstract
>>> This document, if approved, formally deprecates Transport Layer Security 
>>> (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those 
>>> documents (will be moved|have been moved) to Historic status.  These 
>>> versions lack support for current and recommended cryptographic algorithms 
>>> and mechanisms, and various government and industry profiles of 
>>> applications using TLS now mandate avoiding these old TLS versions.  
>>> TLSv1.2 has been the recommended version for IETF protocols since 2008, 
>>> providing sufficient time to transition away from older versions.  Removing 
>>> support for older versions from implementations reduces the attack surface, 
>>> reduces opportunity for misconfiguration, and streamlines library and 
>>> product maintenance.
>>> This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC6347), 
>>> but not DTLS version 1.2, and there is no DTLS version 1.1.
>>> This document updates many RFCs that normatively refer to TLSv1.0
>>> or TLSv1.1 as described herein.  This document also updates the
>>> best practices for TLS usage in RFC 7525 and hence is part of
>>> BCP195.
>>> The file can be obtained via 
>>> https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
>>> 
>>> 
>>> 
>>> 
> No IPR declarations have been submitted directly on this I-D.
>>> The document contains these normative downward references. See RFC
>>> 3967 for additional information: rfc5024: ODETTE File Transfer
>>> Protocol 2.0 (Informational - Independent Submission Editor
>>> stream) rfc5024: ODETTE File Transfer Protocol 2.0 (Informational -
>>> Independent Submission Editor stream) rfc5023: The Atom Publishing
>>> Protocol (Proposed Standard - IETF stream) rfc5019: The Lightweight
>>> Online Certificate Status Protocol (OCSP) Profile for High-Volume
>>> Environments (Proposed Standard - IETF stream) rfc5019: The
>>> Lightweight Online Certificate Status Protocol (OCSP) Profile for
>>> High-Volume Environments (Proposed Standard - IETF stream) rfc5018:
>>> Connection Establishment in the Binary Floor Control Protocol
>>> (BFCP) (Proposed Standard - IETF stream) rfc4992: XML Pipelining
>>> with Chunks for the Internet Registry Information Service (Proposed
>>> Standard - IETF stream) rfc4992: XML Pipelining with Chunks for the
>>> Internet Registry Information Service (Proposed Standard - IETF
>>> stream) rfc4976: Relay Extensions for the Message Sessions Relay
>>> Protocol (MSRP) (Proposed Standard - IETF stream) rfc4975: The
>>> Message Session Relay Protocol (MSRP) (Proposed Standard - IETF
>>> stream) rfc4975: The Message Session Relay Protocol (MSRP)
>>> (Proposed Standard - IETF stream) rf

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

[Kathleen Moriarty]

Having risk management experience as well as policy establishment and 
enforcement, I would rather see the clear notification that something is not 
secure.  Then the organization makes the decision to take that risk based on 
likelihood/impact considerations.  This factors in risk tolerance and business 
objectives.  I am an author on the draft, and don’t think this is the place for 
those business decisions to be made.

Best regards,
Kathleen 

Sent from my mobile device

> On Dec 1, 2020, at 12:52 AM, Ben Smyth  wrote:
> 
> 
> I haven't followed all the nuances of this discussion, but it seems to boil 
> down to use of "MUST NOT" when certain "EXCEPTIONS MAY" exist for private 
> enterprise running legacy kit, which makes decision makers anxious, since 
> they don't want responsibility for something they "MUST NOT" do: A solution 
> might be to introduce "MUST NOT...EXCEPTIONS MAY" language, thereby allowing 
> sectors to define their standards/principles/expectations. 
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

[Kathleen Moriarty]

I disagree here as those other implementations just need to make their own 
business risk decisions and put in place an exception process.  One option in 
the risk decision process is to accept risk, you can also mitigate, eliminate, 
or transfer the risk.

Best regards,
Kathleen 

Sent from my mobile device

> On Dec 1, 2020, at 7:57 AM, Keith Moore  wrote:
> 
> On 12/1/20 4:29 AM, Peter Gutmann wrote:
> 
>> I think all it needs is something along the lines of "This BCP applies to TLS
>> as used on the public Internet [Not part of the text but meaning the area 
>> that
>> the IETF creates standards for].
> 
> Not specifically relevant to this draft, but:  Is it actually defined 
> anywhere that IETF standards only apply to the public Internet?  IMO IETF 
> needs to realize that implementations of its standards are used outside of 
> the public Internet and consider that when writing its documents.  (even 
> though different rules may be appropriate on private and mostly-isolated 
> networks)
> 
> Keith
> 
> p.s. I keep thinking that this "MUST NOT TLS < 1.2" recommendation is like a 
> public health recommendation, one that is worded over-simply to try to make 
> it have maximum useful effect but perhaps to the point of being misleading or 
> even harmful. e.g. "You MUST wear masks to reduce the spread of COVID-19", 
> but not saying "oh yeah, if you're outdoors and not around other people 
> you're probably fine without a mask" and "masks are pointless if you only 
> wear them over your mouths or chins", and "the masks that have valves in them 
> to allow exhaled breath to exit unimpeded are also useless for this purpose" 
> and "you need to wear them when indoors and around co-workers, not merely 
> when customers or visitors are present".  At least where I live I see so many 
> people using masks in ineffective ways that I don't think the simple 
> recommendation is working, though I'm not sure that a more detailed 
> recommendation would work better.
> 
> 

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls