Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06

Russ Housley <housley@vigilsec.com> Tue, 01 September 2015 20:59 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99951B4094 for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 13:59:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QAfn7C-qAJVC for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 13:59:14 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 73EF21B3AB9 for <saag@ietf.org>; Tue, 1 Sep 2015 13:59:14 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 08632F24132 for <saag@ietf.org>; Tue, 1 Sep 2015 16:59:04 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id R9iYna-kQByJ for <saag@ietf.org>; Tue, 1 Sep 2015 16:57:46 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 0D89BF24145 for <saag@ietf.org>; Tue, 1 Sep 2015 16:58:42 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150901165526.GU9021@mournblade.imrryr.org>
Date: Tue, 01 Sep 2015 16:58:31 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/126Is19mhYYuWKnEvRSYSYg6Woo>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 20:59:15 -0000

I'm trying to pull together the things that I have heard on this thread over the last week regarding Section 2.9.  I think I have captured them.  Please let me know if I missed something?

2.9.  Opportunistic Security

   Despite the guidance in Section 2.4, opportunistic security [RFC7435]
   also deserves consideration, especially at the time a protocol
   implementation is deployed and configured.  Using algorithms that are
   weak against advanced attackers but sufficient against others is one
   way to make pervasive surveillance significantly more difficult.  As
   a result, algorithms that would not be acceptable in many negotiated
   situations are acceptable for opportunistic security when legacy
   systems are in use for unauthenticated encrypted sessions as
   discussed in Section 3 of [RFC7435] as long as their use does not
   facilitate downgrade attacks.  Similarly, weaker algorithms and
   shorter key sizes are also acceptable for opportunistic security with
   the same constraints.  That said, the use of strong algorithms is
   always preferable.

Russ