Re: [Curdle] FW: I-D Action: draft-ietf-curdle-rc4-die-die-die-03.txt

Benjamin Kaduk <kaduk@mit.edu> Sun, 10 December 2017 21:58 UTC

Date: Sun, 10 Dec 2017 15:58:32 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "curdle@ietf.org" <curdle@ietf.org>
Message-ID: <20171210215832.GQ39477@kduck.kaduk.org>
References: <151285096101.24658.6833692177897273472@ietfa.amsl.com> <15C5FA9C-DCC9-4C39-B102-47B4618259E4@akamai.com> <20171210213720.GO39477@kduck.kaduk.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/kqrT0TRWZsKSAyx3izRbbtGy79w>

On Sun, Dec 10, 2017 at 03:37:20PM -0600, Benjamin Kaduk wrote:
> On Sun, Dec 10, 2017 at 08:42:51PM +0000, Salz, Rich wrote:
> > The security AD’s just got back to us.  Apologies from the AD’s and Chairs for letting this fall through the cracks.
> > 
> > A general “deprecate in all protocols” document is not appropriate for CURDLE.  This means that Section 4 (IMAP->EXTRA), Section 6 (DIAMETER->DIME) and Section 7 are out of scope for this WG. This is quoting Eric, one of the co-Directors.
> > 
> > On a personal level, I think Section 3 should be handled by UTA. And Section 5 has KITTEN
> 
> I think section 5 is roughly equivalent to
> draft-ietf-curdle-des-des-des-die-die-die (of which I am coauthor),
> which is currently waiting for the IESG to decide whether it is more
> appropriate to move RFC 4757 to Historic or make it Obsolete.
> So I'm surprised that this draft did not refer to "RFC xxxx" in
> section 5 but did refer to it in other places :)
> 
> > Even if the WG disagrees with me about 3 and 5, there is a question about if it’s worth still having this as a WG document.  Please post your reply to the list; we will call for consensus to move this forward or abandon it early in January.
> 
> I think it is worth having this WG do the work it can do in this
> space within its charter (which is probably the bits in this
> document minus sections 3 and 5).  It feels a little strange to me

A little bird points out that sections 3 and 5 are what Rich was
uncertain of, but it is sections 4, 6, and 7 that Ekr did not think
were appropriate, which is perhaps more authoritative.

> to do it all in a single document, as this does, but I wouldn't let
> that stop us from doing it.

And all in all, the mentioned sections are basically the entire
document.  So, I have to revise my opinion to "this document as-is
doesn't make much sense, but we might consider separate
document(s) for the one or two sections that may still remain".

-Ben

> > On 12/9/17, 3:22 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
> > 
> >      
> >     A New Internet-Draft is available from the on-line Internet-Drafts directories.
> >     This draft is a work item of the CURves, Deprecating and a Little more Encryption WG of the IETF.
> >     
> >             Title           : Depreciating RC4 in all IETF Protocols
> >             Author          : Luis Camara
> >             Filename        : draft-ietf-curdle-rc4-die-die-die-03.txt
> >             Pages           : 8
> >             Date            : 2017-12-09
> >     
> >     Abstract:
> >        RC4 is extremely weak as shown by RFC 6649 and RFC 7457, is
> >        prohibited in TLS by RFC 7465, is prohibited in Kerberos by RFC xxxx
> >        and it needs to be prohibited in all IETF protocols. This document
> >        obsoletes RFC 4345 "Improved Arcfour Modes for the Secure Shell (SSH)
> >        Transport Layer Protocol" (note Arcfour and RC4 are synonymous).
> >        RFC 3501, RFC 4253, RFC 6649 and RFC 6733 are updated to note the
> >        deprecation of RC4 in all IETF protocols.
> >     
> >     
> >     The IETF datatracker status page for this draft is:
> >     https://datatracker.ietf.org/doc/draft-ietf-curdle-rc4-die-die-die/
> >     
> >     There are also htmlized versions available at:
> >     https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-03
> >     https://datatracker.ietf.org/doc/html/draft-ietf-curdle-rc4-die-die-die-03
> >     
> >     A diff from the previous version is available at:
> >     https://www.ietf.org/rfcdiff?url2=draft-ietf-curdle-rc4-die-die-die-03
> >     
> >     
> >     Please note that it may take a couple of minutes from the time of submission
> >     until the htmlized version and diff are available at tools.ietf.org.
> >     
> >     Internet-Drafts are also available by anonymous FTP at:
> >     ftp://ftp.ietf.org/internet-drafts/
> >     
> >     _______________________________________________
> >     Curdle mailing list
> >     Curdle@ietf.org
> >     https://www.ietf.org/mailman/listinfo/curdle
> >     