Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Martin Thomson <> Tue, 25 August 2015 18:13 UTC

Date: Tue, 25 Aug 2015 11:13:44 -0700
From: Martin Thomson <>
To: Kathleen Moriarty <>
Cc: "" <>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06

On 25 August 2015 at 10:55, Kathleen Moriarty <> wrote:
>> I thought we reached "rough" consensus on this point during the rather
>> intensive/extensive last-call discussions of the OS draft.  Specifically,
>> that even weaker ciphers are better than cleartext, and may need to
>> continue to be used if that's what it takes.
> I don't think this point was as clearly discussed in those threads, so I'd like to hear thoughts from the community.  Thank you for sharing your opinion.
> If you think it was and have a pointer to the appropriate thread with adequate input to show support, please post it.  Otherwise, allowing others to chime in will be helpful.  I may be in the rough, but I'm not convinced of that with this thread so far.

Since Kathleen asks so nicely, I'd like to register my disagreement
with Victor on this point.

There are compatibility reasons *today* that exist as a result of
having to interoperate with old software that was built or deployed
without due regard to security updates or continuous maintenance.

However, if we expect software to be updated in order to get
opportunistic security, then I don't think it unreasonable to also
expect it to be maintained on an ongoing basis.  A sudden once-off
isn't going to cut it if we want to prepare for the eventuality where
one of the current ciphers turns out to be irredeemably busted.

If you accept that software that is updated once can be continuously
maintained thereafter, then it's not a stretch to conclude that
deploying good ciphers is equally feasible.