Re: [Curdle] FW: I-D Action: draft-ietf-curdle-rc4-die-die-die-03.txt

Benjamin Kaduk <kaduk@mit.edu> Sun, 10 December 2017 21:37 UTC

Date: Sun, 10 Dec 2017 15:37:20 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "curdle@ietf.org" <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/DmCJcm_dzcYTdRJGzNUJ-jVmrRo>
Subject: Re: [Curdle] FW: I-D Action: draft-ietf-curdle-rc4-die-die-die-03.txt

On Sun, Dec 10, 2017 at 08:42:51PM +0000, Salz, Rich wrote:
> The security ADs just got back to us.  Apologies from the ADs and Chairs for letting this fall through the cracks.
> 
> A general “deprecate in all protocols” document is not appropriate for CURDLE.  This means that Section 4 (IMAP->EXTRA), Section 6 (DIAMETER->DIME) and Section 7 are out of scope for this WG. This is quoting Eric, one of the co-Directors.
> 
> On a personal level, I think Section 3 should be handled by UTA. And Section 5 has KITTEN

I think section 5 is roughly equivalent to
draft-ietf-curdle-des-des-des-die-die-die (of which I am coauthor),
which is currently waiting for the IESG to decide whether it is more
appropriate to move RFC 4757 to Historic or make it Obsolete.
So I'm surprised that this draft did not refer to "RFC xxxx" in
section 5 but did refer to it in other places :)

> Even if the WG disagrees with me about 3 and 5, there is a question about if it’s worth still having this as a WG document.  Please post your reply to the list; we will call for consensus to move this forward or abandon it early in January.

I think it is worth having this WG do the work it can do in this
space within its charter (which is probably the bits in this
document minus sections 3 and 5).  It feels a little strange to me
to do it all in a single document, as this does, but I wouldn't let
that stop us from doing it.

-Ben

> On 12/9/17, 3:22 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
> 
>      
>     A New Internet-Draft is available from the on-line Internet-Drafts directories.
>     This draft is a work item of the CURves, Deprecating and a Little more Encryption WG of the IETF.
>     
>             Title           : Depreciating RC4 in all IETF Protocols
>             Author          : Luis Camara
>     	Filename        : draft-ietf-curdle-rc4-die-die-die-03.txt
>     	Pages           : 8
>     	Date            : 2017-12-09
>     
>     Abstract:
>        RC4 is extremely weak as shown by RFC 6649 and RFC 7457, is
>        prohibited in TLS by RFC 7465, is prohibited in Kerberos by RFC xxxx
>        and it needs to be prohibited in all IETF protocols. This document
>        obsoletes RFC 4345 "Improved Arcfour Modes for the Secure Shell (SSH)
>        Transport Layer Protocol" (note Arcfour and RC4 are synonymous).
>        RFC 3501, RFC 4253, RFC 6649 and RFC 6733 are updated to note the
>        deprecation of RC4 in all IETF protocols.
>     
>     
>     The IETF datatracker status page for this draft is:
>     https://datatracker.ietf.org/doc/draft-ietf-curdle-rc4-die-die-die/
>     
>     There are also htmlized versions available at:
>     https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-03
>     https://datatracker.ietf.org/doc/html/draft-ietf-curdle-rc4-die-die-die-03
>     
>     A diff from the previous version is available at:
>     https://www.ietf.org/rfcdiff?url2=draft-ietf-curdle-rc4-die-die-die-03
>     
>     
>     Please note that it may take a couple of minutes from the time of submission
>     until the htmlized version and diff are available at tools.ietf.org.
>     
>     Internet-Drafts are also available by anonymous FTP at:
>     ftp://ftp.ietf.org/internet-drafts/
>     
>     _______________________________________________
>     Curdle mailing list
>     Curdle@ietf.org
>     https://www.ietf.org/mailman/listinfo/curdle
>     