Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 01 September 2015 17:17 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1321D1B5792 for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 10:17:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.701
X-Spam-Level:
X-Spam-Status: No, score=-0.701 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z4Fb278O25ck for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 10:17:10 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A34C1B4216 for <saag@ietf.org>; Tue, 1 Sep 2015 10:16:53 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 7DF72284B6C; Tue, 1 Sep 2015 17:16:52 +0000 (UTC)
Date: Tue, 01 Sep 2015 17:16:52 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150901171652.GV9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <55E5DA09.7060104@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <55E5DA09.7060104@cisco.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/vv_mgJmodC-5ZRsCY_VaR1Ymsqo>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 17:17:15 -0000
On Tue, Sep 01, 2015 at 07:02:01PM +0200, Eliot Lear wrote: > > Rapid deprecation of weaker crypto is net loss for OS when the > > result is loss of interoperability and/or fallback to cleartext. > > Of course, this holds true when there are no alternatives from which to > select. And it ties back to the second advantage you cited: > > > Makes it possible to phase out old deprecated algorithms. Eventually, when "essentially everyone" supports better options, the old can be dropped even by OS clients and servers. So the second benefit is "delayed" for OS, we quickly lift the "ceiling" and as time goes by and this becomes practical lift the "floor". > But what is it one has to do? Why is the answer simply to specify MTI > two actively used suites and then vary which two over some (hopefully > long) period over time? Two might not in practice be enough for OS, if deployed software lasts 10+ years without upgrades. Sure, only two suites might be MTI at a given time, but implementations will often need to continue to support "past" MTI suites, if those are the best available for a sufficient number of peers. Thus a suite that used to be "MTI", but no longer is, becomes de-facto required for OS. Actually this applies not just OS, in practice even mandatory security protocols need to worry about interoperability. The difference is mostly in how quickly deprecated crypto is abandoned, because cleartext is rarely better than weak crypto (modulo facilitation of downgrades against even non-OS peers ala logjam and EXPORT ciphers). While browsers and webservers are moving quick to abandon RC4 in 2015, SMTP servers and clients are going to continue to support it for at least another year or two. Some SMTP serevrs already don't tolerate RC4 and create pressure on the legacy systems to upgrade. For most, it makes more sense to continue to receive mail than to enforce crypto-correctness. The overall process takes longer. -- Viktor.
- [saag] Section 2.9: was Re: AD review of draft-ia… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Eliot Lear
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Steve Crocker
- Re: [saag] Section 2.9: was Re: AD review of draf… Salz, Rich
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Sam Hartman
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Barry Leiba
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Stephen Farrell
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Sam Hartman
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty