IETF Logo Mail Archive

Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06

Steve Crocker <steve@shinkuro.com> Tue, 01 September 2015 17:28 UTC

Return-Path: <steve@shinkuro.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 056071A8F35 for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 10:28:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.782
X-Spam-Level:
X-Spam-Status: No, score=-0.782 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DSL=1.129, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VasPwWJE9eaf for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 10:28:18 -0700 (PDT)
Received: from execdsl.com (remote.shinkuro.com [50.56.68.178]) by ietfa.amsl.com (Postfix) with ESMTP id BF7DD1A1A32 for <saag@ietf.org>; Tue, 1 Sep 2015 10:28:18 -0700 (PDT)
Received: from dummy.name; Tue, 01 Sep 2015 17:28:18 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Steve Crocker <steve@shinkuro.com>
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <20150901171652.GV9021@mournblade.imrryr.org>
Date: Tue, 01 Sep 2015 13:28:17 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7F9D2B85-3A53-4EE4-85FC-C9752F97E71E@shinkuro.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <55E5DA09.7060104@cisco.com> <20150901171652.GV9021@mournblade.imrryr.org>
To: "saag@ietf.org" <saag@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/yialQkfdzOPPrA_X5tsHMp2zKwI>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 17:28:20 -0000

The challenge is knowing when old algorithms can be dropped safely.  There has to be widespread adoption of newer algorithms and there has to be evidence of that widespread adoption.  Removal from the OS is the last step.  Prior to that the usage of the old algorithm has to drop to near zero, and that will happen only when it's evident to the party that chooses which algorithm to use is confident the other party is capable of using the newer algorithm.

Each of these steps takes a long time.  The process moves along more quickly if there is some sort of measurement or reporting of which algorithms the responding party is capable of using.

See RFC 6975 for our attempt to deal with this for DNSSEC.

Thanks,

Steve

Sent from my iPhone

> On Sep 1, 2015, at 1:16 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> On Tue, Sep 01, 2015 at 07:02:01PM +0200, Eliot Lear wrote:
> 
>>> Rapid deprecation of weaker crypto is net loss for OS when the
>>> result is loss of interoperability and/or fallback to cleartext.
>> 
>> Of course, this holds true when there are no alternatives from which to
>> select.  And it ties back to the second advantage you cited:
>> 
>>> Makes it possible to phase out old deprecated algorithms.
> 
> Eventually, when "essentially everyone" supports better options,
> the old can be dropped even by OS clients and servers.  So the
> second benefit is "delayed" for OS, we quickly lift the "ceiling"
> and as time goes by and this becomes practical lift the "floor".
> 
>> But what is it one has to do?  Why is the answer simply to specify MTI
>> two actively used suites and then vary which two over some (hopefully
>> long) period over time?
> 
> Two might not in practice be enough for OS, if deployed software
> lasts 10+ years without upgrades.  Sure, only two suites might be
> MTI at a given time, but implementations will often need to continue
> to support "past" MTI suites, if those are the best available for
> a sufficient number of peers.
> 
> Thus a suite that used to be "MTI", but no longer is, becomes
> de-facto required for OS.  Actually this applies not just OS, in
> practice even mandatory security protocols need to worry about
> interoperability.  
> 
> The difference is mostly in how quickly deprecated crypto is
> abandoned, because cleartext is rarely better than weak crypto
> (modulo facilitation of downgrades against even non-OS peers ala
> logjam and EXPORT ciphers).
> 
> While browsers and webservers are moving quick to abandon RC4 in
> 2015, SMTP servers and clients are going to continue to support it
> for at least another year or two.  Some SMTP serevrs already don't
> tolerate RC4 and create pressure on the legacy systems to upgrade.
> For most, it makes more sense to continue to receive mail than to
> enforce crypto-correctness.  The overall process takes longer.
> 
> --
>    Viktor.
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email