Re: [kitten] [Curdle] I-D Action: draft-ietf-curdle-des-des-des-die-die-die-03.txt

Michael Jenkins <m.jenkins.364706@gmail.com> Mon, 26 June 2017 17:37 UTC

From: Michael Jenkins <m.jenkins.364706@gmail.com>
Date: Mon, 26 Jun 2017 13:37:12 -0400
To: kitten@ietf.org
Subject: Re: [kitten] [Curdle] I-D Action: draft-ietf-curdle-des-des-des-die-die-die-03.txt
Message-ID: <CAC2=hneAwB8a4YhsAdZro9dA8tHveu=Zeo+HLWHYg1-ea3Lh4A@mail.gmail.com>
In-Reply-To: <6a5c9a4d-9be0-6a4d-3ee8-675c3430cc09@mit.edu>
References: <20170621174558.GK39245@kduck.kaduk.org> <20170623120341.C93721A6BE@ld9781.wdf.sap.corp> <20170626021135.GF17840@kduck.kaduk.org> <6a5c9a4d-9be0-6a4d-3ee8-675c3430cc09@mit.edu>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/wNieSyNs23ayru8UbeCK9iA7DEc>

Hi all,

I would agree that guidance for system administrators need not appear in a
document like this, and I don't see any in RFC 6649.

On the other hand, most of the justification for deprecating both RC4 and
3DES /is/ about system administration. The NTLM discussion is about
deployment upgrade, and the cross-realm discussion is about architecture.
Neither has anything to do with the weakness of the algorithms, and both
are problems that could arise with any transition.

Seems that you should either remove what's not cryptographic or a direct
problem that the algorithm/enc-type causes for the security of the protocol
(not deployment of the protocol), à la RFC 6649, or acknowledge that your
discussion has crossed over into deployment-land and at least put in a
disclaimer that what you've written is merely justification for the
deprecation, and not an assessment that the deprecation can be implemented
with no breakage.

On Mon, Jun 26, 2017 at 12:02 PM, Greg Hudson <ghudson@mit.edu> wrote:

> On 06/25/2017 10:11 PM, Benjamin Kaduk wrote:
> >>>   [...] there may be additional logistical considerations
> >>>   involved such as provisioning AES keys [...]
>
> > (Jeffrey Altman wrote:)
> > % In my opinion, such text is inappropriate for an RFC.  The deprecation
> > % of the encryption type is a protocol action.  The RFC is not guidance
> > % for system administrators.
>
> Ben wrote:
> > Can others please weigh in?
>
> I don't think we need guidance for system administrators in this
> document, and we don't appear to have any such guidance in RFC 6649.  I
> am okay with including such guidance in an appendix, but I don't believe
> it is a requirement for publication.
>
> _______________________________________________
> Kitten mailing list
> Kitten@ietf.org
> https://www.ietf.org/mailman/listinfo/kitten
>



-- 
Mike Jenkins
mjjenki@tycho.ncsc.mil - if you want me to read it only at my desk
m.jenkins.364706@gmail.com - to read everywhere
443-634-3951