Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 24 August 2015 21:50 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F42071B2AD8 for <saag@ietfa.amsl.com>; Mon, 24 Aug 2015 14:50:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iRqSO027TM9E for <saag@ietfa.amsl.com>; Mon, 24 Aug 2015 14:50:38 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 840F31B2B3F for <saag@ietf.org>; Mon, 24 Aug 2015 14:50:38 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id B0B36284D64; Mon, 24 Aug 2015 21:50:37 +0000 (UTC)
Date: Mon, 24 Aug 2015 21:50:37 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150824215037.GO9021@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <CD936D80-BEA2-4918-828C-E3A392761EC5@gmail.com> <20150727194020.GD15860@localhost> <55B6D36C.70105@iang.org> <20150728013020.GO4347@mournblade.imrryr.org> <DM2PR0301MB0655CF099FA7C56E9B9D24A9A88D0@DM2PR0301MB0655.namprd03.prod.outlook.com> <20150728053035.GR4347@mournblade.imrryr.org> <CAHbuEH7B3_G9vAhw=U2tuz-Uh8mKMUfL6s=H+BOG96FDZaACig@mail.gmail.com> <20150824212907.GN9021@mournblade.imrryr.org> <619ffebb05ba4e2a9af03a6dcc768d6e@ustx2ex-dag1mb2.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <619ffebb05ba4e2a9af03a6dcc768d6e@ustx2ex-dag1mb2.msg.corp.akamai.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/VdSvQqZSviZ-jRvJFboOXvfntCo>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2015 21:50:41 -0000

On Mon, Aug 24, 2015 at 09:32:38PM +0000, Salz, Rich wrote:

> > With *legacy* protocols, when negotiating unauthenticated opportunistic
> > encryption, it is important to not exclude recently obsoleted algorithms that
> > are still needed for interoperability lest failing to offer them cause
> > communications failure or needless use of cleartext.
> 
> And here, I think, is the rub.
> 
> SMTP is a legacy protocol.  Is opportunistically-encrypted SMTP a legacy
> protocol?

Yes.

    http://tools.ietf.org/html/rfc2487  (January 1999)

TLS support for Postfix (patch-set from Lutz Jaenicke):

    https://github.com/vdukhovni/postfix/blob/master/postfix/TLS_CHANGES (initial version 1999/03/29)

> How long has it been in common use?

Somewhere between 12 and 15 years.  I call that "legacy".

Opportunistic TLS was added to Microsoft Exchange 2003, and further
extended in 2007.

Wietse adopted the unofficial patch-set into mainstream Postfix in
2005.  It had been merged into Postfix by various Linux distributions
prior to that.

> How old is the crypto that these deployed systems have access to?

The Windows 2003-based systems, which are still in use, only do
TLS 1.0 with RC4-{SHA,MD5}.  

Many older Linux systems still only have OpenSSL 0.9.8 and also
support only TLS 1.0, SSL 2.0 and SSL 3.0.  With no ECDHE.

-- 
	Viktor.