IMO RFC7525 and this new draft both suffer from dubious assumptions and
make poor recommendations because of those assumptions. In particular,
there are many cases for which using an old version of TLS is suboptimal
and it shouldn't be considered as secure, but it may still be better
than deprecating old versions of TLS that might be the only ones
supported by the peer.
Whether or not to ban SSL v2 and v3 is a tough call, but not for the reasons
given in RFC 7525. Yes, these are weak mechanisms, but in the absence of other
considerations weak is better than no security at all.
However, because of the way the negotations work supporting all of these stuff
simultaneously has proven to be difficult to get right. The fact that these old
versions can cause interop failures with later versions is arguably sufficient
cause for a MUST NOT.
People do not always have the luxury of upgrading their clients and
servers to versions that support the recent TLS. Some legacy hardware
has firmware that cannot be upgraded because no upgrades are
available. Service providers do not always have the leverage to insist
that their customers upgrade, or the luxury of abandoning customers. etc.
Shorter version: Once again the IETF is letting the best be the enemy of the
good.
I therefore find it difficult to make good advice of the form "don't use
TLS version x.y" that is appropriate across all applications and all
usage scenarios. Again, there's an important difference between "don't
use TLS x.y" and "don't consider TLS x.y secure".
Agreed.
I also think it's odd that there are recommendations like this that say
"don't support TLS x.y" but say nothing about not supporting cleartext
for protocols that still have a cleartext mode. Even SSL 1.0 is
probably better than cleartext (at least from a security perspective, if
not from a support burden perspective) as long as it's not trusted to be
secure.
Agreed as well.
So in summary, either I don't support adoption of this draft, or I
support adoption of this draft only to the extent that it can be
significantly changed.
AFAICT the draft hasn't been updated beyond what RFC 7525 says, so I'm
going to wait and see what those updates say before I decide if I can
support the change.
Ned
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
