Re: [Last-Call] Results of Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Hiya,

On 09/12/2020 02:21, Keith Moore wrote:
> On 12/8/20 9:07 PM, Stephen Farrell wrote:
>>
>> (replying to ekr, but really a question for you...)
>>
>> On 09/12/2020 01:55, Eric Rescorla wrote:
>>>
>>> I'm curious, what do you think the point of having this update all the
>>> other documents was if it wasn't to constrain implementations?
>>
>> When answering that, can you clarify what you mean by
>> "constrain" and where there's a downside to your idea
>> of that? It's not clear to me at any rate.
>
> Because the requested status was Best Current Practice, I didn't
> interpret this document as saying that implementations of TLS must
> prevent operators from enabling TLS versions prior to 1.2. ("Best"
> implies that other practices can be chosen.)

ISTM the "MUST NOT" bits of the draft are pretty clear, and I
don't see how they ever could have been unclear. (One could
disagree as to the wisdom and timeliness of course, but
that's a different issue.) For example, it says "TLSv1.0 MUST
NOT be used.  Negotiation of TLSv1.0 from any version of TLS
MUST NOT be permitted." My interpretation of Ben's mail was
that the responsible AD figured there was IETF consensus for
those MUST NOT statements. The IESG will or won't (dis)agree
with that when they get to it.

That said, the text does not "prevent" implementers from
doing whatever they want, it just expresses (what may turn
out to be) IETF consensus on the topic.


> The downside is that operators may effectively be forced to break
> interoperability with existing clients and/or servers that provide
> essential functionality, if some of their software is upgraded to
> reflect the recommendations in draft-ietf-tls-oldversions-deprecate-09.
> They may be forced to do this even when the operators have valid
> operational reasons for continuing to use TLS < 1.2, have explicitly
> evaluated the risks with doing so, used their exception processes to
> justify doing so, etc. (Because it's generally not feasible to postpone
> upgrades indefinitely or sometimes even for a short time; there are
> often interdependencies that preclude doing that.)

So regardless of one's opinion on that topic, I think it's
fair to say the paragraph above doesn't raise a new point.
Anyone can of course continue to use TLSv1.0 (or SSLv3 if
perverse reality requires that;-) and the net result is only
that they won't conform to our latest BCPs. I think that's
ok myself.

Cheers,
S.


> Keith
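Added example (editor's note, not part of the thread above): the two "MUST NOT" sentences Stephen quotes from the draft, written out as the server-side check they imply. The Python below builds a constructed ClientHello (not captured traffic), parses its legacy_version and supported_versions extension, and then either selects a version of TLS 1.2 or higher or refuses, which is where the server would send a protocol_version alert. The wire constants are from RFC 5246 and RFC 8446; the function names, the choice that this server supports exactly 1.2 and 1.3, and the zeroed client random are my assumptions, not anything the draft or the thread specifies.

```python
import struct

# Version codes as they appear on the wire (RFC 5246 / RFC 8446).
TLS_VERSIONS = {
    0x0300: "SSLv3",
    0x0301: "TLSv1.0",
    0x0302: "TLSv1.1",
    0x0303: "TLSv1.2",
    0x0304: "TLSv1.3",
}
MIN_ALLOWED = 0x0303                  # the draft's rule: nothing below TLS 1.2
SERVER_SUPPORTED = {0x0303, 0x0304}   # assumption: this server does 1.2 and 1.3
EXT_SUPPORTED_VERSIONS = 0x002B       # RFC 8446 section 4.2.1


def build_client_hello(legacy_version, supported_versions=None):
    """Constructed ClientHello record for testing; not captured traffic."""
    body = struct.pack("!H", legacy_version)
    body += b"\x00" * 32                         # client random (zeros, test only)
    body += b"\x00"                              # empty legacy_session_id
    body += struct.pack("!H", 2) + b"\xc0\x2f"   # one cipher suite (ECDHE-RSA-AES128-GCM-SHA256)
    body += b"\x01\x00"                          # compression_methods: null only
    exts = b""
    if supported_versions is not None:
        data = bytes([2 * len(supported_versions)])
        data += b"".join(struct.pack("!H", v) for v in supported_versions)
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: content type handshake (22), record version 0x0301, length.
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Return (legacy_version, list of supported_versions or None)."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    (legacy_version,) = struct.unpack("!H", body[0:2])
    pos = 2 + 32                          # skip client random
    pos += 1 + body[pos]                  # skip legacy_session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2 + cs_len                     # skip cipher_suites
    pos += 1 + body[pos]                  # skip compression_methods
    supported = None
    if pos < len(body):                   # extensions block is optional
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == EXT_SUPPORTED_VERSIONS:
                n = edata[0]              # byte length of the version list
                supported = [struct.unpack("!H", edata[1 + i:3 + i])[0]
                             for i in range(0, n, 2)]
    return legacy_version, supported


def select_version(record):
    """Apply the draft's rule: return the chosen version name, or None to abort."""
    legacy, supported = parse_client_hello(record)
    if supported is not None:
        # TLS 1.3-style negotiation: the extension is authoritative and
        # legacy_version is ignored, so a client that lists only 1.0/1.1
        # here is refused even though legacy_version says 0x0303.
        candidates = [v for v in supported if v in SERVER_SUPPORTED]
    else:
        # Pre-1.3 negotiation: legacy_version is the client's maximum, and
        # 1.3 cannot be chosen without the extension.
        candidates = [v for v in SERVER_SUPPORTED
                      if v <= legacy and v != 0x0304]
    candidates = [v for v in candidates if v >= MIN_ALLOWED]
    if not candidates:
        return None                       # server sends alert protocol_version (70)
    return TLS_VERSIONS[max(candidates)]
```

The last branch is the "negotiation of TLSv1.0 from any version of TLS" clause: a client whose supported_versions extension offers only 0x0301 and 0x0302 is refused regardless of its legacy_version, and a client with no extension and legacy_version 0x0301 or 0x0302 is refused as well. Nothing here stops an operator from setting MIN_ALLOWED lower on a build they control; the code only shows what a conforming default looks like.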

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
