Viktor, thank you very much for your work and for pushing the points on uses of TLS outside of the web, as this is an important point.
On Thu, Apr 25, 2019 at 9:30 PM Viktor Dukhovni <[email protected]> wrote:
> > On Apr 12, 2019, at 7:28 PM, Christopher Wood <[email protected]> wrote:
> >
> > This is the working group last call for the "Deprecating TLSv1.0 and TLSv1.1" draft available at:
> >
> > https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
> >
> > Please review the document and send your comments to the list by April 26, 2019.
>
> My concern is whether the time is yet nigh for TLS 1.0 to be disabled
> in opportunistic TLS in SMTP, or whether TLS 1.0 remains sufficiently
> common to cause deprecation to do more harm than good via unnecessary
> downgrades to cleartext.
>
> I don't have survey numbers for SMTP TLS protocol versions across MTAs
> generally to shed light on this, perhaps someone does. What I do have
> is numbers for those MTAs (not a representative sample) that have DANE
> TLSA records (so presumably a greater focus on security).
>
> The observed version frequencies are approximately:
>
>   TLS 1.0:  1%
>   TLS 1.1:  0%
>   TLS 1.2: 87%
>   TLS 1.3: 12%
>
> essentially regardless of whether I deduplicate by name, IP or name and IP.
> The respective sample sizes are 5435, 6938 and 7959.
>
> So if a DANE-enabled sender were to disable TLS 1.0 today, approximately
> 1% of the destination MX hosts would be broken and need remediation. These
> handle just 189 mostly small SOHO domains out of the ~1.1 million total
> DANE SMTP domains, but four handle enough email to show up on the Gmail
> SMTP transparency report:
>
>   tu-darmstadt.de
>   t-2.net
>   t-2.com
>   t-2.si
>
> So on the whole, the draft should proceed, but some caution may be appropriate
> outside the browser space, before operators start switching off TLS 1.0
> support.
>
> I don't see an operational considerations section. Nor much discussion of
> "less mainstream" (than Web browser) TLS application protocols. Would a few
> words of caution be appropriate, or is it expected that by the time the RFC
> starts to change operator behaviour the "market share" of TLS 1.0 will be
> substantially lower than I see today even with SMTP, XMPP, NNTP and the
> like.
>
> [ I would speculate that TLS 1.0's share is noticeably higher among MTAs
> generally than among the bleeding-edge MTAs that have published DANE TLSA
> RRs. ]

My take on deprecation drafts is that once published, they take time (years)
before there is compliance. Even with that, we may never achieve full
compliance and older version use continues. We do know that OpenSSL will
continue to support the version that came out last fall for 5 years from that
point in time. Publication of the draft does not mean support goes away at
that point in time, but provides another push. If there's a strong feeling
that text should be added, we could, but my preference would be to leave it
to the normal process for deprecation.

Thank you,
Kathleen

> --
> Viktor.
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls

--
Best regards,
Kathleen
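The survey Viktor describes above (which versions each MX host will negotiate after STARTTLS, and how many hosts a sender would lose TLS with if it refused TLS 1.0) is the measurement an operator wants to repeat against their own destinations before flipping the switch. The script below is an added example written for this page, not code from the thread or from any MTA; the function names, the one-session-per-version probe on port 25, and the constructed sample data in the test are all assumptions. Certificate verification is switched off in the probe deliberately: opportunistic SMTP TLS does not authenticate the peer, and the question here is only which protocol versions it can negotiate.

```python
"""Probe which TLS versions an MX host negotiates after STARTTLS and decide
whether a sender enforcing a minimum version would lose TLS with that peer.
Added example, not from the mailing-list thread; hostnames are assumptions.
Network access happens only under __main__; the policy logic runs offline."""
import smtplib
import ssl

# Versions a deprecation policy has to reason about, oldest first.
# ssl.TLSVersion is an IntEnum, so its members compare in protocol order.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def probe_context(version):
    """Client context pinned to exactly one protocol version.
    Verification is disabled on purpose: opportunistic SMTP TLS does not
    authenticate the peer, and we only ask which versions it will speak."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe_host(host, port=25, timeout=10):
    """One fresh SMTP session per version; returns {version: negotiated?}.
    A failed handshake, a missing STARTTLS capability and a network error all
    count as 'not negotiated', which is what a real sender would observe."""
    results = {}
    for version in VERSIONS:
        try:
            with smtplib.SMTP(host, port, timeout=timeout) as smtp:
                smtp.ehlo()
                if not smtp.has_extn("starttls"):
                    results[version] = False
                    continue
                smtp.starttls(context=probe_context(version))
                results[version] = True
        except (ssl.SSLError, smtplib.SMTPException, OSError):
            results[version] = False
    return results


def highest_negotiated(results):
    """Best version the peer negotiated, or None if TLS never came up."""
    negotiated = [v for v, ok in results.items() if ok]
    return max(negotiated) if negotiated else None


def loses_tls(results, minimum):
    """True if a sender refusing versions below `minimum` would go from
    'had TLS' to 'no TLS' with this peer: cleartext for an opportunistic
    sender, deferred mail for a DANE-verifying one.  A peer with no TLS at
    all today is not counted; the policy changes nothing for it."""
    best = highest_negotiated(results)
    return best is not None and best < minimum


def survey(per_host, minimum):
    """Summarise probes the way the thread's table does: percentage of hosts
    by best negotiated version, plus the hosts that `minimum` would break."""
    by_version = {v: 0 for v in VERSIONS}
    broken = []
    for host, results in per_host.items():
        best = highest_negotiated(results)
        if best is None:
            continue
        by_version[best] += 1
        if loses_tls(results, minimum):
            broken.append(host)
    total = len(per_host) or 1
    share = {v.name: round(100.0 * n / total, 1) for v, n in by_version.items()}
    return share, sorted(broken)


if __name__ == "__main__":
    import sys
    # Usage: python probe.py mx1.example mx2.example ...   (hostnames assumed)
    for mx in sys.argv[1:]:
        res = probe_host(mx)
        verdict = ("breaks if TLS 1.0 is refused"
                   if loses_tls(res, ssl.TLSVersion.TLSv1_1) else "fine")
        print(mx, {v.name: ok for v, ok in res.items()}, "->", verdict)
```

Two caveats when running this against real MX hosts. First, on an OpenSSL build whose default security level already refuses TLS 1.0 and 1.1, the TLS 1.0 probe fails on the client side no matter what the peer supports, so a host that is in fact TLS-1.0-only shows up as "no TLS at all" and is silently dropped from the broken count; run the probe from a build that can still negotiate the old versions, or check the peer with a second tool. Second, the outcome of `loses_tls` differs by sender type exactly as the thread notes: an opportunistic sender falls back to cleartext, while a DANE-verifying sender (Viktor's sample) defers the mail instead.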
