[Curdle] draft-ietf-curdle-rc4-die-die-die-06 review

Daniel Migault <daniel.migault@ericsson.com> Tue, 15 May 2018 17:00 UTC

Hi,

Please find my review for draft-ietf-curdle-rc4-die-die-die-06 [1]. I have
also proposed text, so please comment on the review in the mail. I am willing
to start a WGLC as soon as the draft is updated.

Yours,
Daniel


[1] https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-06


RFC-Editor:

I personally find the tone of the sentence a bit aggressive, thus I would
remove it or just leave the RFC reference.

"""
Non-ASCII characters are allowed in RFCs as per RFC 7997.
"""

I see deprecation and move to historic status as very similar to
draft-ietf-curdle-des-des-des-die-die-die-05 and I assume that is correct.

Abstract:

The sentence below is a bit hard to parse.
"""
and formally obsoletes and moves to
   Historic RFC 4345.
"""

I would propose instead:

"""
This document deprecates RC4 in Secure Shell (SSH).  Therefore, this
   document updates RFC 4253, and moves to Historic RFC 4345.
"""

1. Introduction


"""
RC4 is broken
"""

Although English is not my main language, it sounds a bit abrupt to me and
it might be preferred to use something along the lines of
draft-ietf-curdle-des-des-des-die-die-die-05:

RC4 encryption is steadily weakening in cryptographic strength, and the
deprecation process should be begun for their use in SSH.


It seems to me that sections 1, 2, 3 could be merged. I would propose the
following text. I am providing comments in <mglt></mglt>.



1. Introduction


The usage of RC4 suites (also designated as arcfour) for SSH is
specified in RFC 4253 and RFC 4345. RFC 4253 specifies the allocation of
the "arcfour" cipher for SSH. RFC 4345 specifies and allocates the
"arcfour-128" and "arcfour-256" ciphers for SSH.

RC4 encryption is steadily weakening in cryptographic strength
[RFC7457][draft-ietf-curdle-des-des-des-die-die-die-05], and the
deprecation process should be begun for their use in Secure Shell (SSH)
[RFC4253]. Accordingly, RFC 4253 is updated to note the deprecation of the
RC4 ciphers and RFC 4345 is moved to Historic as all ciphers it specifies
MUST NOT be used.

<mglt>I believe that this document is very close to
[draft-ietf-curdle-des-des-des-die-die-die-05] and as such a reference to
it should be mentioned. </mglt>


2.  Requirements Notation

 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119, RFC8174]
when, and only when, they appear in all capitals, as shown here.

3. Updates to RFC 4253

RFC 4253 is updated to prohibit arcfour's use in SSH.

<mglt>
"""
The last sentence of the paragraph on RC4 (called "arcfour"
   in [RFC4253]) in Section 6.3 of [RFC4253]
"""

I believe that it might be clearer to quote the text as it is not easy to
locate it. I would propose the text below. </mglt>

RFC 4253 allocates the "arcfour" cipher in Section 6.3 by defining a list of
defined ciphers where the "arcfour" cipher appears as optional as mentioned
below:

"""
      arcfour          OPTIONAL          the ARCFOUR stream cipher
                                         with a 128-bit key
"""

The current document updates the status of the "arcfour" cipher in the
list of RFC 4253 Section 6.3 by moving it from OPTIONAL to MUST NOT.

"""
      arcfour          MUST NOT          the ARCFOUR stream cipher
                                         with a 128-bit key
"""

RFC 4253 defines the "arcfour" ciphers with the text mentioned below:
"""
   The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys.
   The Arcfour cipher is believed to be compatible with the RC4 cipher
   [SCHNEIER].  Arcfour (and RC4) has problems with weak keys, and
   should be used with caution.
"""

The current document updates RFC 4253 Section 6.3 by replacing the text
above with the following text:

"""
   The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys.
   The Arcfour cipher is believed to be compatible with the RC4 cipher
   [SCHNEIER].  Arcfour (and RC4) is steadily weakening in cryptographic
   strength [RFC7457][draft-ietf-curdle-des-des-des-die-die-die-05], and
   MUST NOT be used.
"""

4. IANA Considerations

<mglt>There is a reference to 3DES that I think should be removed. In addition,
IANA cannot be required to update RFCs. IANA is assigned to update the SSH
registries. With [IANA] being an informational reference to
https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml, I
would propose the following text:</mglt>

The IANA is requested to update the Encryption Algorithm Name Registry of
the Secure Shell (SSH) Protocol Parameters [IANA]. The Registration
procedure is IETF Review which is achieved by this document. The registry
should be updated as follows:

Encryption Algorithm Name     Reference     Note
arcfour                       [RFC-TBD]
arcfour128                    [RFC-TBD]
arcfour256                    [RFC-TBD]


Where TBD is the RFC number assigned to the document.
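
An added example, not part of the original message or of the draft under review: a Python check a defender could run over a captured, unencrypted SSH_MSG_KEXINIT payload (RFC 4253, Section 7.1) to see whether a peer still offers any of the three RC4 names from the registry table above. The sample payload and all function names are constructed for illustration.

```python
import struct

# Cipher names from the registry table in the review (RFC 4253 and RFC 4345).
DEPRECATED = {"arcfour", "arcfour128", "arcfour256"}
SSH_MSG_KEXINIT = 20

def name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def parse_kexinit(payload):
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, lists = 17, []  # skip the message-type byte and the 16-byte cookie
    for _ in range(10):
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[off:off + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        off += n
    return lists

def rc4_offers(payload):
    """Map direction -> deprecated ciphers offered, in preference order."""
    lists = parse_kexinit(payload)
    found = {}
    # Fields 2 and 3 are encryption_algorithms_client_to_server / _server_to_client.
    for label, names in (("client_to_server", lists[2]),
                         ("server_to_client", lists[3])):
        hits = [n for n in names if n in DEPRECATED]
        if hits:
            found[label] = hits
    return found

def sample_kexinit(c2s, s2c):
    """Constructed KEXINIT payload (zero cookie) for offline testing."""
    fields = [["curve25519-sha256"], ["ssh-ed25519"], c2s, s2c,
              ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16)
            + b"".join(name_list(f) for f in fields)
            + b"\x00" + struct.pack(">I", 0))  # first_kex_packet_follows, reserved

if __name__ == "__main__":
    print(rc4_offers(sample_kexinit(["aes128-ctr", "arcfour128"], ["aes128-ctr"])))
```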