Benjamin Kaduk <ka...@mit.edu> wrote:
>> That does not surprise me, but I think that is part of the problem. These
>> things should mainly be decided by the TLS working group.
>
>How? Just by publishing BCPs, or is the TLS WG also supposed to (e.g.)
>watch IETF LCs and complain about use of old protocol versions?
Just by publishing BCPs and standard track documents. Watching out for old
protocol versions in other WG’s is not really the TLS WG’s job. Hopefully,
everybody in the security area complain if they see use of obsolete versions or
weak algorithms.
>> "New implementations and deployments MUST include support of the new
>> version".
>>
>> If this is not clearly defined somewhere, I think it needs to be specified.
>> If it is >specified somewhere, IETF needs to make sure to follow apply it.
>
>Even supposing everyone agrees on this, there seem to be some fencepost
>issues surrounding "new". Is a protocol "new" when it gets published as an
>RFC, or at WGLC, or even earlier? I have been pretty laid-back until now
>about requiring things coming in front of the IESG to pick up TLS 1.3,
>since for the most part they were in progress (including implementations)
>before TLS 1.3 implementations were readily available in production-grade
>form. It's about time to tighten up on that, since it's been over a year
>since RFC 8446, but I'm not sure I fully understand where you want us to
>fall across these boundary conditions.
I fully agree. There are several boundary conditions here and any best practice
can probably not be summarized on a single line. Tightening up requirement of
new drafts to support TLS 1.3 now seems about right. There could probably still
be exceptions, but they would have to be well motivated.
/John
-----Original Message-----
From: Benjamin Kaduk <ka...@mit.edu>
Date: Friday, 4 October 2019 at 02:11
To: John Mattsson <john.matts...@ericsson.com>
Cc: Stephen Farrell <stephen.farr...@cs.tcd.ie>, Sean Turner <s...@sn3rd.com>,
Sean Turner via Datatracker <nore...@ietf.org>, "tls-cha...@ietf.org"
<tls-cha...@ietf.org>, IESG Secretary <iesg-secret...@ietf.org>, "TLS@ietf.org"
<tls@ietf.org>
Subject: Re: [TLS] Publication has been requested for
draft-ietf-tls-oldversions-deprecate-05
On Wed, Oct 02, 2019 at 02:45:08PM +0000, John Mattsson wrote:
> Hi,
>
> Sean Turner wrote:
> > "You can change the text, but I do not believe it will change the
implementations."
>
> I would much rather have a future proof RFC that forbids negotiation of
DTLS 1.0 with the knowledge that some implementations will temporary violate
that, than having an RFC that long time in the future allows negotiation and
use of DTLS 1.0.
>
>
> Eric Rescorla wrote:
> > "result of some pretty extensive discussion and compromising in rtcweb"
>
> That does not surprise me, but I think that is part of the problem. These
> things should mainly be decided by the TLS working group.
How? Just by publishing BCPs, or is the TLS WG also supposed to (e.g.)
watch IETF LCs and complain about use of old protocol versions?
> Draft-ietf-rtcweb-security-arch mandated DTLS 1.0 until Nov 2018. That is
> half a year after the "Deprecating TLSv1.0 and TLSv1.1" draft was
> submitted and almost 7 years after DTLS 1.0 was made obsolete.
Mandating (D)TLS 1.0 is not going to get past the IESG in 2018. We can
(and are) try to better communicate our expectations for this sort of thing
to the WGs, but it seems unrealistic to expect a 100% success rate from
them, since it's usually not the WG's core competency. (See also
https://protect2.fireeye.com/url?k=81062a4c-dd8ff05c-81066ad7-0cc47ad93e2a-1e749b7aef6efcb8&q=1&u=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fwgchairs%2Fdfe_5obSQm7YK7JzVbmc-MbXNmU
.)
>
> No matter what is done in this particular case, I think the important
thing to discuss is how we avoid drafts that only support obsolete versions of
TLS/DTLS in the future. According to my understanding of the comments in the
thread "Lessons learned from TLS 1.0 and TLS 1.1 deprecation", both me,
Kathleen Moriarty, and Martin Thomson understands obsoleted as:
>
> "New implementations and deployments MUST include support of the new
version".
>
> If this is not clearly defined somewhere, I think it needs to be
specified. If it is specified somewhere, IETF needs to make sure to follow
apply it.
Even supposing everyone agrees on this, there seem to be some fencepost
issues surrounding "new". Is a protocol "new" when it gets published as an
RFC, or at WGLC, or even earlier? I have been pretty laid-back until now
about requiring things coming in front of the IESG to pick up TLS 1.3,
since for the most part they were in progress (including implementations)
before TLS 1.3 implementations were readily available in production-grade
form. It's about time to tighten up on that, since it's been over a year
since RFC 8446, but I'm not sure I fully understand where you want us to
fall across these boundary conditions.
-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
