Hi,
the call for adoption is over. Thanks to all who participated in it.
We received some replies that unconditionally supported the adoption
and a few that expressed concerns about the current draft content.
We think that these concerns are not blockers for adoption, since
folks willing to change the
On 5/12/20 10:45 AM, Keith Moore wrote:
> On 5/9/20 11:50 AM, Valery Smyslov wrote:
>
>> the chairs encourage WG members to more actively participate in the call.
>> At the meeting a lot of participants expressed a favor of adoption,
>> we ask these participants to reconfirm their position on the
On 5/9/20 11:50 AM, Valery Smyslov wrote:
the chairs encourage WG members to more actively participate in the call.
At the meeting a lot of participants expressed a favor of adoption,
we ask these participants to reconfirm their position on the list (if they
didn't do it yet).
Since we wouldn'
I support adoption; it's time to revisit this BCP as circumstances have
changed.
-Jim
On 5/9/20 8:50 AM, Valery Smyslov wrote:
> Hi,
>
> the chairs encourage WG members to more actively participate in the call.
> At the meeting a lot of participants expressed a favor of adoption,
> we ask these p
In article <000f01d62619$91c80110$b5580330$@gmail.com> you write:
>Hi,
>
>the chairs encourage WG members to more actively participate in the call.
>At the meeting a lot of participants expressed a favor of adoption,
>we ask these participants to reconfirm their position on the list (if they
>didn'
I am in favor of adoption
On Sat, May 9, 2020 at 8:50 AM Valery Smyslov
wrote:
> Hi,
>
> the chairs encourage WG members to more actively participate in the call.
> At the meeting a lot of participants expressed a favor of adoption,
> we ask these participants to reconfirm their position on the
Hi,
the chairs encourage WG members to more actively participate in the call.
At the meeting a lot of participants expressed a favor of adoption,
we ask these participants to reconfirm their position on the list (if they
didn't do it yet).
Regards,
Leif & Valery.
> Hi,
>
> during the last vir
> On Tue, Apr 28, 2020 at 1:41 AM tom petch wrote:
> It's worth noting that to the extent that this is a requirement, it is
> already violated by any installation which is compliant with RFC
> 7525. The auditing techniques in question depend on using static RSA
> cipher suites, but 7525
> https:/
- Original Message -
From: Eric Rescorla e...@rtfm.com
Sent: 01/05/2020 22:45:35
On Tue, Apr 28, 2020 at 1:41 AM tom petch wrote:
One requirement that was raised in the later stages of the work on TLS 1.3
related to audit, and was raised, I think, by representatives of the finance
Keith Moore writes:
>It can be expensive to upgrade devices in some industrial applications.
For the specific TLS implementation I was referring to in that post, upgrades
have to be scheduled years in advance for each site, and for the next upgrade
round, in 2030, will probably mean replacing th
On 5/3/20 3:14 PM, Eric Rescorla wrote:
I don't have much experience with SCADA TLS stacks, so I can't speak
to this, but I wasn't thinking primarily of the TLS stack itself but
just of the overall software on the device. In general, most software
has some defects and some of them will be secu
On Sat, May 2, 2020 at 10:26 PM Peter Gutmann
wrote:
> Eric Rescorla writes:
>
> >if you are running a piece of hardware that cannot upgrade its TLS stack at
> >all, you quite likely have a number of serious unpatched vulnerabilities, and
> >should reconsider whether it is safe to have that
Eric Rescorla writes:
>if you are running a piece of hardware that cannot upgrade its TLS stack at
>all, you quite likely have a number of serious unpatched vulnerabilities, and
>should reconsider whether it is safe to have that hardware attached to the
>Internet.
Embedded non-upgradeable SCADA
In article you write:
>On 01/05/2020 22:35, Eric Rescorla wrote:
>> On Mon, Apr 27, 2020 at 2:04 AM tom petch wrote:
>>> and I am unclear whether or not TLS 1.3 will gain widespread use in the
>>> Internet, with HTTP, SMTP and such like.
>>
>>
>> I don't know about SMTP, but TLS 1.3 has *alread
On Fri, May 1, 2020 at 4:43 PM Keith Moore
wrote:
> On 5/1/20 6:48 PM, Eric Rescorla wrote:
>
> On Thu, Apr 30, 2020 at 7:59 PM Keith Moore
> wrote:
>
>> People do not always have the luxury of upgrading their clients and
>> servers to versions that support the recent TLS. Some legacy hardwar
On 5/1/20 6:48 PM, Eric Rescorla wrote:
On Thu, Apr 30, 2020 at 7:59 PM Keith Moore
<mo...@network-heretics.com> wrote:
People do not always have the luxury of upgrading their clients and
servers to versions that support the recent TLS. Some legacy hardware
has firmwa
On Fri, May 1, 2020 at 10:47 AM wrote:
> > IMO RFC7525 and this new draft both suffer from dubious assumptions and
> > make poor recommendations because of those assumptions. In particular,
> > there are many cases for which using an old version of TLS is suboptimal
> > and it shouldn't be consi
On Thu, Apr 30, 2020 at 7:59 PM Keith Moore
wrote:
> People do not always have the luxury of upgrading their clients and
> servers to versions that support the recent TLS. Some legacy hardware
> has firmware that cannot be upgraded because no upgrades are
> available. Service providers do no
On 01/05/2020 22:35, Eric Rescorla wrote:
> On Mon, Apr 27, 2020 at 2:04 AM tom petch wrote:
>> and I am unclear whether or not TLS 1.3 will gain widespread use in the
>> Internet, with HTTP, SMTP and such like.
>
>
> I don't know about SMTP, but TLS 1.3 has *already* achieved widespread use
> o
On 5/1/20 5:02 PM, Peter Saint-Andre wrote:
On 4/30/20 8:59 PM, Keith Moore wrote:
IMO RFC7525
That ship sailed in 2015.
IETF isn't bound by /stare decisis/.
I don't think we ever said anything to the contrary. BCP does stand for
*best* current practice, after all.
If BCP really means Be
On Tue, Apr 28, 2020 at 1:41 AM tom petch wrote:
> One requirement that was raised in the later stages of the work on TLS 1.3
> related to audit, and was raised, I think, by representatives of the
> finance industry; the WG rejected the requirement.
It's worth noting that to the extent that thi
X. The
question is what is best practice?
-Ekr
>
> - Original Message -
> From: Valery Smyslov
> To:
> Cc: 'Yaron Sheffer' , ,
> 'Ralph Holz' , 'Peter Saint-Andre' <
> stpe...@mozilla.com>
> Sent: 26/04/2020 10:35:30
> Subject: [Uta]
On 4/30/20 8:59 PM, Keith Moore wrote:
> IMO RFC7525
That ship sailed in 2015.
> and this new draft both suffer from dubious assumptions and
> make poor recommendations because of those assumptions. In particular,
> there are many cases for which using an old version of TLS is suboptimal
> and
On 5/1/20 12:27 PM, Ned Freed wrote:
IMO RFC7525 and this new draft both suffer from dubious assumptions and
make poor recommendations because of those assumptions. In particular,
there are many cases for which using an old version of TLS is suboptimal
and it shouldn't be considered as secure,
IMO RFC7525 and this new draft both suffer from dubious assumptions and
make poor recommendations because of those assumptions. In particular,
there are many cases for which using an old version of TLS is suboptimal
and it shouldn't be considered as secure, but it may still be better
than depreca
IMO RFC7525 and this new draft both suffer from dubious assumptions and
make poor recommendations because of those assumptions. In particular,
there are many cases for which using an old version of TLS is suboptimal
and it shouldn't be considered as secure, but it may still be better
than depr
I support adoption and will review the draft.
> On Apr 27, 2020, at 11:32, Peter Saint-Andre wrote:
>
> Specific TLS 1.3 gotcha: 0-RTT – what should we say here?
At a minimum, I think we need this draft to address the point above.
spt
Hi,
>
> I expect that you are familiar with
> draft-camwinget-tls-ns-impact
> which looks at operational security with TLS 1.2 and identifies what is
> difficult or impossible to do with TLS 1.3. One might infer from this I-D
> that TLS 1.3 offers less security than TLS 1.2:-)
One requirement tha
- Die, Die, Die'
Tom Petch
- Original Message -
From: Valery Smyslov
To:
Cc: 'Yaron Sheffer' , , 'Ralph
Holz' , 'Peter Saint-Andre'
Sent: 26/04/2020 10:35:30
Subject: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
In article <9c423d31-4040-ef7f-1779-240a26104...@isode.com>,
Alexey Melnikov wrote:
>I don't have any number for SMTP or IMAP, but judging from my own
>experience: our implementations upgraded to OpenSSL 1.1.1 and we got TLS
>1.3 enabled for free. I suspect many other people in the same boat.
, 'Ralph Holz' <ralph.h...@gmail.com>, 'Peter Saint-Andre'
<stpe...@mozilla.com>
Sent: 26/04/2020 10:35:30
Subject: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
On 4/27/20 3:03 AM, tom petch wrote:
> What is the point of rfc7525bis? Why do we need it?
We explained much of the reasoning in the meeting last week:
https://datatracker.ietf.org/doc/slides-interim-2020-uta-01-sessa-tls-bcp-the-next-generation/
The topics we (the co-authors) plan to address i
Hi,
On 26/04/2020 10:35, Valery Smyslov wrote:
Hi,
during the last virtual interim meeting the draft
draft-sheffer-uta-bcp195bis-00 was presented and the authors asked for its
adoption.
The general feeling in the room was in favor of the adoption, however
the authors were asked to rename it to
n I-D 'TLS 1.2 - Die, Die, Die'
>
> Tom Petch
>
>
> - Original Message -
> From: Valery Smyslov
> To:
> Cc: 'Yaron Sheffer' , ,
> 'Ralph Holz' , 'Peter Saint-Andre' <
> stpe...@mozilla.com>
> Sent: 26/04/2020 10:35:30
equate for most purposes. After all, the TLS WG has yet to propose an I-D
'TLS 1.2 - Die, Die, Die'
Tom Petch
- Original Message -
From: Valery Smyslov
To:
Cc: 'Yaron Sheffer' , , 'Ralph Holz'
, 'Peter Saint-Andre'
Sent: 26/04/2020 10:35:30
, 'Peter Saint-Andre'
Sent: 26/04/2020 10:35:30
Subject: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
Hi,
during the last virtual interim meeting the draft
draft-sheffer-uta-bcp195bis-00 was
On Sun, 26 Apr 2020, Valery Smyslov wrote:
The general feeling in the room was in favor of the adoption, however
the authors were asked to rename it to *-rfc7525-bis.
The authors have renamed the draft and asked the chairs for its adoption.
Hi from e-mail land. We took a look and noticed that
I had a look at the draft and the text is just that of
the current BCP195 for now.
I support adoption - now that TLS1.3 is done it seems a
good time to start on this. I'll review and comment as
it goes.
S.
On 26/04/2020 10:35, Valery Smyslov wrote:
> Hi,
>
> during the last virtual interim mee
Hi,
during the last virtual interim meeting the draft
draft-sheffer-uta-bcp195bis-00 was presented and the authors asked for its
adoption.
The general feeling in the room was in favor of the adoption, however
the authors were asked to rename it to *-rfc7525-bis.
The authors have renamed the draf