On Mar 25, 2024, at 8:29 PM, Salz, Rich <rs...@akamai.com> wrote:
>
>> Speaking as non-chair (and my first post to the list).
>
> Welcome.

Thanks!

> I think in all but special cases specifying just the minimum is fine. The
> only reason I can think of for specifying the max version is that you have
> regulatory/compliance issues to comply with.

We ran into this in EMU with EAP-TLS. The EAP application derived application-specific keys based on TLS key exporter constructs. Those constructs changed with TLS 1.3, and all of the code which supported "TLS 1.2 or higher" broke in weird ways.

Applications had to add a "maximum TLS version" configuration to explicitly avoid using TLS 1.3, until such time as the EAP-TLS standards were updated. The maximum needed to be set because, by default, OpenSSL would negotiate the highest available TLS version, which usually ended up being 1.3.

Once EAP-TLS was updated to use the key exporters defined for TLS 1.3, the implementations could be updated: first the code to support the new functionality, and then the "maximum TLS version" was relaxed to allow TLS 1.3.

I also recall discussion on the EMU mailing list that the EAP-TLS document needed to forbid systems from automatically updating to the latest TLS version. The idea was to avoid a similar issue to the one we saw in the TLS 1.2 to 1.3 transition. But on reading RFC 9190, I can't see any text to that effect. :(

> The problem with "or higher" is that it needs context and timelines to be
> useful. Let us suppose that I sell a program, Foobar, that uses the system
> TLS provider but it is a DLL/.so because I want my customers to be able to
> install updates that their OS vendor provides. Now suppose the IETF
> specifies TLS 1.4 at T0. OS Vendor A supports it at T2, vendor B at T3, and
> FreeTLS provides it at T1. And of course the events could happen in a
> different order (except the RFC always comes first :)
>
> Who becomes non-compliant with the "or higher" construct and at what
> Tn+delta? And if you say "the highest version available" you're making it
> even more intractable/worse.
>
> The current wording seems the least disruptive to me. Yes, in some number of
> years we'll have to do an update that says TLS 1.4, but that's a lot less
> work.

I think removing the "or higher" is the correct thing to do.

Alan DeKok.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
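The EAP-TLS breakage described in the message above, as an added example that is not part of the thread or of any EAP implementation: the TLS 1.2-era construct (RFC 5216, TLS PRF over the master secret with the label "client EAP encryption") next to the TLS 1.3 construct (RFC 9190, TLS-Exporter with the label "EXPORTER_EAP_TLS_Key_Material" and the EAP-TLS Type-Code 0x0D as context, per RFC 8446 section 7.5), plus a version-aware dispatcher that refuses to derive keys for any version it does not know. The dispatcher plays the role of the "maximum TLS version" knob: a peer that negotiated 1.3 but kept applying the 1.2 derivation would get key material the other side cannot match. SHA-256 is assumed as the negotiated hash, and all secrets and randoms are constructed placeholder values, not real session material.

```python
"""EAP-TLS Key_Material: TLS 1.2 PRF construct vs TLS 1.3 exporter construct.

Added example (not code from the UTA thread or from any EAP stack).
Secrets, randoms and the SHA-256 choice below are constructed assumptions.
"""
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
EAP_TLS_TYPE_CODE = b"\x0d"  # EAP method type 13 = EAP-TLS; the Type-Code in RFC 9190


# ---- TLS 1.2 construct: RFC 5246 section 5 PRF, used by RFC 5216 section 2.3 ----

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion: A(0)=seed, A(i)=HMAC(secret, A(i-1)), out += HMAC(secret, A(i)+seed)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()
        out += hmac.new(secret, a + seed, HASH).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)


def eap_tls_keys_tls12(master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # RFC 5216: Key_Material = TLS-PRF-128(master_secret, "client EAP encryption",
    #                                      client.random || server.random)
    return tls12_prf(master_secret, b"client EAP encryption", client_random + server_random, 128)


# ---- TLS 1.3 construct: RFC 8446 section 7.5 exporter, used by RFC 9190 section 2.3 ----

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        out += t
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque label<7..255> ("tls13 " + Label) || opaque context<0..255>
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # TLS-Exporter(label, context_value, key_length) =
    #   HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter", Hash(context_value), key_length)
    # Derive-Secret(Secret, label, "") = HKDF-Expand-Label(Secret, label, Hash(""), Hash.length)
    derived = hkdf_expand_label(exporter_master_secret, label, HASH(b"").digest(), HASH_LEN)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)


def eap_tls_keys_tls13(exporter_master_secret: bytes) -> bytes:
    # RFC 9190: Key_Material = TLS-Exporter("EXPORTER_EAP_TLS_Key_Material", Type-Code, 128)
    return tls13_exporter(exporter_master_secret, b"EXPORTER_EAP_TLS_Key_Material",
                          EAP_TLS_TYPE_CODE, 128)


# ---- Version-aware dispatch: the check that "TLS 1.2 or higher" code was missing ----

def eap_tls_key_material(negotiated_version: str, session: dict) -> bytes:
    """Select the construct for the negotiated version; fail loudly on anything unknown.

    Refusing unknown versions is the programmatic form of the "maximum TLS
    version" setting: a visible failure beats deriving keys with the wrong construct.
    """
    if negotiated_version == "TLSv1.2":
        return eap_tls_keys_tls12(session["master_secret"],
                                  session["client_random"], session["server_random"])
    if negotiated_version == "TLSv1.3":
        return eap_tls_keys_tls13(session["exporter_master_secret"])
    raise ValueError(f"no EAP-TLS key derivation defined for {negotiated_version}")


# Constructed session material: deterministic placeholders, not real secrets.
SESSION = {
    "master_secret": bytes(range(48)),
    "client_random": b"\x11" * 32,
    "server_random": b"\x22" * 32,
    "exporter_master_secret": bytes(range(32)),
}

if __name__ == "__main__":
    k12 = eap_tls_key_material("TLSv1.2", SESSION)
    k13 = eap_tls_key_material("TLSv1.3", SESSION)
    print("TLS 1.2 Key_Material:", k12.hex()[:32], "...")
    print("TLS 1.3 Key_Material:", k13.hex()[:32], "...")
    print("same bytes from both constructs?", k12 == k13)
```

A real implementation would not hold the master or exporter secret itself; it would ask the TLS library for the exporter output (for example via OpenSSL's SSL_export_keying_material) and pin the maximum protocol version until that path exists. The point of the dispatcher is only that the derivation must be keyed on the negotiated version rather than assumed from "1.2 or higher".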