Re: [TLS] TLS 1.2 deprecation and RFC 7627

2023-04-01 Thread Eric Rescorla
On Sat, Apr 1, 2023 at 12:15 PM Dmitry Belyavsky wrote:

> Dear Martin,
>
> On Sat, 1 Apr 2023, 19:36 Martin Thomson wrote:
>
>> On Sat, Apr 1, 2023, at 20:28, Dmitry Belyavsky wrote:
>> > Are the things like national-wide standards considered as new features
>> > (until they don't pretend to be Internet-wide standards)?
>>
>> I would not expect the IETF to be specifying national standards (that's
>> an obvious contradiction anyway).
>>
>> It is also unnecessary.  The registration policies for TLS registries
>> allow people to register extensions without IETF involvement (unless you
>> consider IETF-appointed experts), so they should feel free to extend in any
>> way that makes them happy.
>>
>
> Right, but national standards often go through Independent stream
>

Yes they do -- though it seems like it would be easier all around if they
just registered on the basis of I-Ds. In any case, they will be able to
continue to do so under the proposed course of action.

-Ekr

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] TLS 1.2 deprecation and RFC 7627

2023-04-01 Thread Dmitry Belyavsky
Dear Martin,

On Sat, 1 Apr 2023, 19:36 Martin Thomson wrote:

> On Sat, Apr 1, 2023, at 20:28, Dmitry Belyavsky wrote:
> > Are the things like national-wide standards considered as new features
> > (until they don't pretend to be Internet-wide standards)?
>
> I would not expect the IETF to be specifying national standards (that's an
> obvious contradiction anyway).
>
> It is also unnecessary.  The registration policies for TLS registries
> allow people to register extensions without IETF involvement (unless you
> consider IETF-appointed experts), so they should feel free to extend in any
> way that makes them happy.
>

Right, but national standards often go through Independent stream



Re: [TLS] TLS 1.2 deprecation and RFC 7627

2023-04-01 Thread Martin Thomson
On Sat, Apr 1, 2023, at 20:28, Dmitry Belyavsky wrote:
> Are the things like national-wide standards considered as new features
> (until they don't pretend to be Internet-wide standards)?

I would not expect the IETF to be specifying national standards (that's an 
obvious contradiction anyway).

It is also unnecessary.  The registration policies for TLS registries allow 
people to register extensions without IETF involvement (unless you consider 
IETF-appointed experts), so they should feel free to extend in any way that 
makes them happy.



Re: [TLS] TLS 1.2 deprecation and RFC 7627

2023-04-01 Thread Dmitry Belyavsky
Dear Rich,

Are the things like national-wide standards considered as new features
(until they don't pretend to be Internet-wide standards)?

On Fri, Mar 31, 2023 at 2:11 AM Salz, Rich wrote:
>
> FWIW, my plan for the draft (which I hope to submit for adoption within a 
> month) is to include text that says, basically, while no new features will be 
> ADDED to TLS 1.2, the WG may decide to deprecate or remove things that have 
> become security risks.  I think it's better to keep specifics in separate 
> documents; ideally this one can be read, understood, and appreciated by those 
> not steeped in the gory technical details.
>
> On 3/31/23, 8:59 AM, "Martin Thomson" wrote:
>
>
> Just a thought, but in the discussion of TLS 1.2, we might start to consider 
> the use of TLS 1.2 **without the session hash/EMS** extension to be 
> deprecated sooner. RFC 7627 basically rescued TLS 1.2 from a whole swathe of 
> problems; so maybe requiring it (or not supporting TLS 1.2 if that cannot be 
> negotiated) offers a short term step toward eventual deprecation, while 
> allowing those who find themselves stuck on TLS 1.2 more time to adjust.
>
>



-- 
SY, Dmitry Belyavsky



Re: [TLS] TLS 1.2 deprecation and RFC 7627

2023-03-30 Thread Salz, Rich
FWIW, my plan for the draft (which I hope to submit for adoption within a 
month) is to include text that says, basically, while no new features will be 
ADDED to TLS 1.2, the WG may decide to deprecate or remove things that have 
become security risks.  I think it's better to keep specifics in separate 
documents; ideally this one can be read, understood, and appreciated by those 
not steeped in the gory technical details.

On 3/31/23, 8:59 AM, "Martin Thomson" <m...@lowentropy.net> wrote:


Just a thought, but in the discussion of TLS 1.2, we might start to consider 
the use of TLS 1.2 **without the session hash/EMS** extension to be deprecated 
sooner. RFC 7627 basically rescued TLS 1.2 from a whole swathe of problems; so 
maybe requiring it (or not supporting TLS 1.2 if that cannot be negotiated) 
offers a short term step toward eventual deprecation, while allowing those who 
find themselves stuck on TLS 1.2 more time to adjust.




[TLS] TLS 1.2 deprecation and RFC 7627

2023-03-30 Thread Martin Thomson
Just a thought, but in the discussion of TLS 1.2, we might start to consider 
the use of TLS 1.2 **without the session hash/EMS** extension to be deprecated 
sooner.  RFC 7627 basically rescued TLS 1.2 from a whole swathe of problems; so 
maybe requiring it (or not supporting TLS 1.2 if that cannot be negotiated) 
offers a short term step toward eventual deprecation, while allowing those who 
find themselves stuck on TLS 1.2 more time to adjust.

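
The policy proposed in the original post (require the RFC 7627 extended master secret, or do not do TLS 1.2) can be enforced by a client at the point where it reads the ServerHello. The following is an added example and not part of any message in this thread; the function names, the constructed sample messages and the choice to reject versions below TLS 1.2 are assumptions of the example.

```python
import struct

EXT_EMS = 0x0017                 # extended_master_secret, RFC 7627
EXT_SUPPORTED_VERSIONS = 0x002B  # carries the negotiated version in TLS 1.3
TLS12, TLS13 = 0x0303, 0x0304

def parse_server_hello(msg: bytes):
    """Return (negotiated_version, {extension types}) for one ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 2:
        raise ValueError("not a ServerHello")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length mismatch")
    try:
        (version,) = struct.unpack_from("!H", body, 0)
        pos = 2 + 32 + 1 + body[34] + 2 + 1  # version, random, session_id, suite, compression
        exts = {}
        if pos < len(body):                  # the extensions block is optional in TLS 1.2
            (total,) = struct.unpack_from("!H", body, pos)
            pos, end = pos + 2, pos + 2 + total
            while pos < end:
                etype, elen = struct.unpack_from("!HH", body, pos)
                exts[etype] = body[pos + 4:pos + 4 + elen]
                pos += 4 + elen
        if pos != len(body):
            raise ValueError("malformed ServerHello")
    except (IndexError, struct.error):
        raise ValueError("truncated ServerHello") from None
    sv = exts.get(EXT_SUPPORTED_VERSIONS, b"")
    if len(sv) == 2:                         # TLS 1.3 keeps legacy_version at 0x0303
        (version,) = struct.unpack("!H", sv)
    return version, set(exts)

def ems_policy(msg: bytes) -> str:
    """Accept TLS 1.3, accept TLS 1.2 only with EMS, reject the rest (assumed policy)."""
    version, exts = parse_server_hello(msg)
    ok = version >= TLS13 or (version == TLS12 and EXT_EMS in exts)
    return "accept" if ok else "reject"

def build_server_hello(version, ext_types, sv=None) -> bytes:
    """Constructed sample input: zero random, empty session_id, empty extension bodies."""
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    if sv is not None:
        exts += struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, sv)
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

A server can apply the same rule to the ClientHello, failing the handshake when a TLS 1.2 client does not offer extension type 0x0017.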