> On Apr 12, 2019, at 7:28 PM, Christopher Wood <c...@heapingbits.net> wrote:
>
> This is the working group last call for the "Deprecating TLSv1.0 and TLSv1.1"
> draft available at:
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
>
> Please review the document and send your comments to the list by April 26,
> 2019.
My concern is whether the time is yet nigh for TLS 1.0 to be disabled in opportunistic TLS in SMTP, or whether TLS 1.0 remains sufficiently common to cause deprecation to do more harm than good via unnecessary downgrades to cleartext.

I don't have survey numbers for SMTP TLS protocol versions across MTAs generally to shed light on this; perhaps someone does. What I do have is numbers for those MTAs (not a representative sample) that have DANE TLSA records (so presumably a greater focus on security). The observed version frequencies are approximately:

    TLS 1.0:  1%
    TLS 1.1:  0%
    TLS 1.2: 87%
    TLS 1.3: 12%

essentially regardless of whether I deduplicate by name, IP, or name and IP. The respective sample sizes are 5435, 6938 and 7959.

So if a DANE-enabled sender were to disable TLS 1.0 today, approximately 1% of the destination MX hosts would be broken and need remediation. These handle just 189 mostly small SOHO domains out of the ~1.1 million total DANE SMTP domains, but four handle enough email to show up on the Gmail SMTP transparency report:

    tu-darmstadt.de
    t-2.net
    t-2.com
    t-2.si

So on the whole, the draft should proceed, but some caution may be appropriate outside the browser space before operators start switching off TLS 1.0 support. I don't see an operational considerations section, nor much discussion of "less mainstream" (than Web browser) TLS application protocols. Would a few words of caution be appropriate, or is it expected that by the time the RFC starts to change operator behaviour the "market share" of TLS 1.0 will be substantially lower than I see today, even with SMTP, XMPP, NNTP and the like?

[ I would speculate that TLS 1.0's share is noticeably higher among MTAs generally than among the bleeding-edge MTAs that have published DANE TLSA RRs. ]

-- 
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
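The survey above tallies the highest TLS version each MX host negotiates and reports the shares under three deduplication keys (name, IP, name+IP), then asks which hosts would break if a sender stopped offering TLS 1.0. The following is an added example of that methodology, not code from the thread or from any of the participants: it runs over a small constructed set of scan records (not real data), produces the per-key version shares and sample sizes, and lists the MX names that would need remediation. The optional `probe_mx` helper, which performs an opportunistic STARTTLS handshake to obtain a real record, is an assumption about how such data would be collected and is not exercised by the sample.

```python
"""Tally negotiated TLS versions across MX hosts under several dedup keys.

Added example; the scan records below are constructed, not real survey data.
"""
import smtplib
import ssl
from collections import Counter
from typing import Callable, Dict, Iterable, List, NamedTuple, Tuple


class ScanRecord(NamedTuple):
    mx_name: str   # MX hostname as seen in DNS
    ip: str        # address the handshake was made to
    version: str   # highest TLS version negotiated, e.g. "TLSv1.2"


# Constructed sample: one name with two IPs, one IP with two names,
# and one exact duplicate row, so the three dedup keys give different sizes.
SAMPLE: List[ScanRecord] = [
    ScanRecord("mx1.example.net", "192.0.2.10", "TLSv1.2"),
    ScanRecord("mx1.example.net", "192.0.2.11", "TLSv1.2"),
    ScanRecord("mx2.example.net", "192.0.2.20", "TLSv1.3"),
    ScanRecord("mail.example.org", "198.51.100.5", "TLSv1.0"),
    ScanRecord("mail.example.org", "198.51.100.5", "TLSv1.0"),  # duplicate row
    ScanRecord("mx.example.com", "203.0.113.7", "TLSv1.2"),
    ScanRecord("alt.example.com", "203.0.113.7", "TLSv1.2"),
]

# The three deduplication policies mentioned in the survey.
KEYS: Dict[str, Callable[[ScanRecord], Tuple[str, ...]]] = {
    "name": lambda r: (r.mx_name,),
    "ip": lambda r: (r.ip,),
    "name+ip": lambda r: (r.mx_name, r.ip),
}


def deduplicate(records: Iterable[ScanRecord], key: str) -> List[ScanRecord]:
    """Keep the first record for each distinct key (first-seen wins)."""
    seen: Dict[Tuple[str, ...], ScanRecord] = {}
    for r in records:
        k = KEYS[key](r)
        if k not in seen:
            seen[k] = r
    return list(seen.values())


def version_share(records: Iterable[ScanRecord], key: str) -> Tuple[Dict[str, float], int]:
    """Return ({version: percent}, sample_size) after deduplicating by `key`."""
    uniq = deduplicate(records, key)
    counts = Counter(r.version for r in uniq)
    total = len(uniq)
    return {v: round(100.0 * c / total, 1) for v, c in counts.items()}, total


def hosts_broken_by_disabling(records: Iterable[ScanRecord],
                              versions: Tuple[str, ...] = ("TLSv1.0", "TLSv1.1")) -> List[str]:
    """MX names whose best negotiated version is one the sender is about to drop.

    With opportunistic TLS these would not fail closed; they would fall back to
    cleartext, which is the downgrade risk the survey is weighing.
    """
    return sorted({r.mx_name for r in records if r.version in versions})


def probe_mx(host: str, ip: str, timeout: float = 10.0) -> ScanRecord:
    """Assumed collection step (network-touching, not used by the sample above).

    Mimics opportunistic TLS: no certificate verification, oldest version the
    local OpenSSL still permits, record the version the peer ends up with.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1  # may be refused by strict builds
    with smtplib.SMTP(ip, 25, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return ScanRecord(host, ip, smtp.sock.version())


if __name__ == "__main__":
    for key in KEYS:
        shares, n = version_share(SAMPLE, key)
        print(f"dedup by {key:8s} n={n}: {shares}")
    print("would downgrade to cleartext if TLS 1.0/1.1 were dropped:",
          hosts_broken_by_disabling(SAMPLE))
```

First-seen-wins deduplication means a name that resolves to several IPs is represented by whichever address was scanned first; if those addresses negotiate different versions, deduplicating by name and by IP will legitimately disagree, which is why reporting all three keys is worth the trouble.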