Hi Chris,

Does it mean that if a server advertises both "tls11" and "tls12",
and one day TLS 1.1 is declared insecure and its support is deactivated
on the server, "tls11" will still be mandatory to advertise even though
only TLS 1.2 is available?

No, the email security tags communicate the policy the server wants the
client to adopt. If the server operator may want to turn on TLS 1.1 and
turn off TLS 1.2 in the future, then the server should advertise the
“tls11” email security tag and not advertise the “tls12” email security
tag even if the server is TLS 1.2 only at the moment. If the server
operator is committing to supporting TLS 1.2 or later indefinitely and
wants clients to require that level of TLS, then the server operator
should advertise only the “tls12” email security tag and not the “tls11”
email security tag.

Thanks for the explanation.
Please note in Section 11.2 the following typo in the latest -04 draft:

  Name:  tls11

   Description:
      [...]
      This tag is latched if the client sees this tag in
      the advertised server DEEP status provided after successfully
      negotiating TLS version 1.0 or later.

It should be "1.1 or later".



=> In order not to duplicate registries in the future, couldn't the IANA
registry be named "Security Tags" or "Security Tags in Applications"
instead of "Email Security Tags"? This way, any protocol could benefit
from the available security tags instead of having to ask for yet another
registry.

If we decide to generalize this work, we can rename the registry. But I
want to get the email work standardized first without being distracted
by the generalization discussion as generalization discussions tend to
bog down the IETF and prevent forward progress.

OK. I did not know registries could be renamed. I'm then fine with that. If one day your work is generalized, we'll be able to reuse it.

--
Julien ÉLIE

"It is often woman who inspires us to the great things that she
  prevents us from accomplishing." (Alexandre Dumas Fils)

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta

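The latch rule discussed above, worked through as client-side code. This is an added illustration, not code from the DEEP draft or from either correspondent; it assumes only the two tags named in the thread ("tls11" and "tls12", each mapped to the minimum TLS version its name suggests) and takes the advertised tags as an already-parsed list, since how the DEEP status is carried on the wire is not shown here. It demonstrates the two operator policies Chris describes (advertise only "tls11" to keep the option of running TLS 1.1 later; advertise only "tls12" to commit to TLS 1.2 or later) and the corrected Section 11.2 condition that a tag is latched only when seen over a connection that negotiated that version or later.

```python
"""Client-side latch for the DEEP "tls11"/"tls12" email security tags.

Added illustration, not code from the draft or from the thread's authors.
Assumptions: the tag -> minimum-version table is built from the two tags
named in the thread; transport and parsing of the DEEP status are out of
scope, so the functions take an already-parsed list of tag strings.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int]

# Constructed mapping (assumption): each tag names the minimum TLS version
# the server asks the client to require from now on. Unknown tags are ignored.
TAG_MIN_VERSION: Dict[str, Version] = {
    "tls11": (1, 1),
    "tls12": (1, 2),
}

# Per-server latch store: hostname -> minimum TLS version now required.
LatchStore = Dict[str, Version]


def latch_tags(store: LatchStore, host: str, advertised: List[str],
               negotiated: Version) -> Optional[Version]:
    """Apply the latch rule after a successful TLS handshake with `host`.

    A tag is latched only if it was seen over a connection that actually
    negotiated that version or later (the corrected Section 11.2 wording),
    so a "tls12" tag seen over TLS 1.1 does not latch. A latch never
    lowers an existing, stricter latch. Returns the latched minimum.
    """
    current = store.get(host)
    for tag in advertised:
        required = TAG_MIN_VERSION.get(tag)
        if required is None:
            continue  # tag we do not understand: ignore it
        if negotiated < required:
            continue  # not seen over a strong enough connection: do not latch
        if current is None or required > current:
            current = required
    if current is not None:
        store[host] = current
    return current


def connection_allowed(store: LatchStore, host: str,
                       negotiated: Version) -> bool:
    """Decide whether a later connection to `host` may proceed.

    Before any latch exists the client accepts whatever it negotiated;
    after a latch, anything below the latched minimum is a downgrade
    and is refused.
    """
    required = store.get(host)
    return required is None or negotiated >= required


def demo() -> Dict[str, bool]:
    """Walk through the two server policies discussed in the thread.

    Hostnames are constructed for the example. Every value is True when
    the latch behaves as the thread describes.
    """
    store: LatchStore = {}
    results: Dict[str, bool] = {}

    # Operator wants to keep the option of running TLS 1.1 later, so the
    # server advertises only "tls11" although it speaks TLS 1.2 only today.
    latch_tags(store, "imap.example", ["tls11"], (1, 2))
    results["tls11 policy: later TLS 1.1 accepted"] = \
        connection_allowed(store, "imap.example", (1, 1))
    results["tls11 policy: later TLS 1.0 refused"] = \
        not connection_allowed(store, "imap.example", (1, 0))

    # Operator commits to TLS 1.2 or later, so the server advertises only "tls12".
    latch_tags(store, "smtp.example", ["tls12"], (1, 2))
    results["tls12 policy: later TLS 1.1 refused"] = \
        not connection_allowed(store, "smtp.example", (1, 1))

    # A "tls12" tag seen over a TLS 1.1 connection must not latch.
    latch_tags(store, "weak.example", ["tls12"], (1, 1))
    results["tls12 over TLS 1.1 not latched"] = "weak.example" not in store
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(("PASS " if ok else "FAIL ") + name)
```

Note that the latch store is per server and only ever ratchets upward: once a client has latched "tls12" for a host, a later status that advertises only "tls11" does not relax it, which is why an operator who may want to fall back to TLS 1.1 should not advertise "tls12" in the first place.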