Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 01 September 2015 21:19 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAE851B2FBC for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 14:19:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YlcCiSFWT00S for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 14:19:08 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FDD01B2F37 for <saag@ietf.org>; Tue, 1 Sep 2015 14:19:08 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 919BD284B6C; Tue, 1 Sep 2015 21:19:06 +0000 (UTC)
Date: Tue, 01 Sep 2015 21:19:06 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150901211906.GA9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/63EMURtm6j0Vj740fSLv4PBBxL4>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 21:19:10 -0000
On Tue, Sep 01, 2015 at 04:58:31PM -0400, Russ Housley wrote: > I'm trying to pull together the things that I have heard on this thread > over the last week regarding Section 2.9. I think I have captured them. > Please let me know if I missed something? > > 2.9. Opportunistic Security > > Despite the guidance in Section 2.4, opportunistic security [RFC7435] > also deserves consideration, especially at the time a protocol > implementation is deployed and configured. Using algorithms that are > weak against advanced attackers but sufficient against others is one > way to make pervasive surveillance significantly more difficult. As > a result, algorithms that would not be acceptable in many negotiated > situations are acceptable for opportunistic security when legacy > systems are in use for unauthenticated encrypted sessions as > discussed in Section 3 of [RFC7435] as long as their use does not > facilitate downgrade attacks. Similarly, weaker algorithms and > shorter key sizes are also acceptable for opportunistic security with > the same constraints. That said, the use of strong algorithms is > always preferable. I still think that the focus on just the weak(er) algorithms in OS is unfortunate. Rather agility and OS work hand-in-hand to improve communications to the extent possible. As new algorithms are deployed, opportunistic peers will autmatically start to use stronger cryptography. Once new algorithms have largely displaced legacy algorithms, one can begin considering retirement of algorithms that used to be required for interoperability. This process is likely to take longer for OS protocols/applications because interoperability carries greater weight when security is not a hard requirement and the alternative is cleartext. So I'd like to see text that first emphasises the good news (over time agility improves the security of OS protocols). Then the bad news (retirement of legacy crypto takes longer). And finally notes that OS is not carte-blanche for weak crypto, new OS applications need to start with non-deprecated crypto, and legacy crypto needs to still be retired once no longer needed. -- Viktor.
- [saag] Section 2.9: was Re: AD review of draft-ia… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Eliot Lear
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Steve Crocker
- Re: [saag] Section 2.9: was Re: AD review of draf… Salz, Rich
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Sam Hartman
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Barry Leiba
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Stephen Farrell
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Sam Hartman
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty