Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 02 September 2015 04:01 UTC

Date: Wed, 02 Sep 2015 04:01:45 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150902040145.GD9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com>
In-Reply-To: <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/2LmFR5ao1A_2_jjP7lFAI4o1q3A>

On Tue, Sep 01, 2015 at 11:09:23PM -0400, Kathleen Moriarty wrote:

> I think the proposed text is a lot better than what was there and I think
> there is consensus around it.  Once you get more specific, then you are
> moving away from what was agreed upon in the OS draft.  Doing that would
> require quite a bit more discussion.
> 
> The proposed text reads well to me and keeps us more consistent - use of
> weaker crypto for OS is limited to legacy deployments and is not okay for
> authenticated and encrypted sessions for OS, just unauthenticated.  If
> you have a proposal for text that keeps within the space where I think we
> have consensus, then I'm okay with change otherwise I'm not.  It might
> take reading through this draft and the OS RFC; once that has been done,
> this text makes sense... Reading back through the discussion on this over
> the past week or so may help as well.

I am not saying the proposed text is wrong on its substance; rather,
I am somewhat concerned about what seems to be misplaced emphasis.
I think Sam agrees along essentially the same lines.

I've not suggested a specific remedy, just throwing ideas out there
and hoping they might be useful.

In part, I don't think I should be the only one doing all the
explaining of OS; it is best if others can make additional
contributions to the formulation of a refined consensus in this
area.

It would, I think, be better to note that OS (when unauthenticated
and providing only passive protection) is not fundamentally about
use of weaker crypto.  Rather, it is about doing as much better than
cleartext as one can, and agility is helpful, but more quickly on
the uptake of new algos than deprecation of legacy algos, because
interop considerations and avoiding cleartext trump the urgency of
deprecating weak crypto.

That said, that's just how I see it, and I don't want to force my
formulation on everyone else, so if there are other ways to improve
the text (change of emphasis), that's fine.

-- 
	Viktor.