Re: [apps-discuss] APPSDIR review of draft-ietf-krb-wg-des-die-die-die-04

Tom Yu <tlyu@MIT.EDU> Wed, 18 April 2012 18:02 UTC

To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Cc: draft-ietf-krb-wg-des-die-die-die.all@tools.ietf.org, iesg@ietf.org, apps-discuss@ietf.org

Tobias Gondrom <tobias.gondrom@gondrom.org> writes:

> Major Comment:
> Agree that we should/must deprecate the weak cryptographic algorithms
> in Kerberos.
> However IMHO, I do not agree with the reasoning "to not actively
> discourage the use of RC4-HMAC" in section 7.
> I understand that interoperability is of major importance, but at some
> point a very weak algorithm will give users a false sense of security
> while exposing them to malicious attacks. And keeping RC4-HMAC
> supported does also expose the majority of the community (who is not
> using the deprecated Windows Versions) at possible risks to downgrade
> attacks.

I believe RC4-HMAC (note: _not_ the 56-bit RC4-HMAC-EXP, which we
_are_ deprecating) is stronger than the DES enctypes that we are
deprecating.  It has a 128-bit keysize, but might be somewhat weaker
than AES of the same keysize.  I know of no reason yet to characterize
RC4-HMAC as "very weak"; it might very well be stronger than
triple-DES, which we are not deprecating at this time.

Do you believe that RC4-HMAC poses anywhere near the level of risk
that single-DES does?  If not, I prefer to handle deprecating RC4-HMAC
separately so that we avoid confusing the issues.

> I believe even though the support of the complete Internet community
> is vital for standards, the support of deprecated (and AFAIK no longer
> supported OS versions) should not be the deciding argument behind our
> decisions here. Even old OS can be patched or fixed by the vendor or
> other service providers and it should not justify to keep a weak
> algorithm.

Extended support is still available for some of the Windows operating
systems in question, but I believe Microsoft finds it uneconomical to
implement support for new crypto algorithms in these older versions of
Windows (which could very well still be around until 2015).

RFC 4757 already mentions known weaknesses of RC4-HMAC, and we refer
to that RFC in the document's Security Considerations.  Do you believe
that there should be a stronger warning?