Re: [TLS] ban more old crap

Martin Thomson <martin.thomson@gmail.com> Sat, 25 July 2015 15:02 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E391A1BF2 for <tls@ietfa.amsl.com>; Sat, 25 Jul 2015 08:02:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CUJRxPs0KwdP for <tls@ietfa.amsl.com>; Sat, 25 Jul 2015 08:02:20 -0700 (PDT)
Received: from mail-yk0-x235.google.com (mail-yk0-x235.google.com [IPv6:2607:f8b0:4002:c07::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D90A31A038F for <tls@ietf.org>; Sat, 25 Jul 2015 08:02:19 -0700 (PDT)
Received: by ykay190 with SMTP id y190so39954093yka.3 for <tls@ietf.org>; Sat, 25 Jul 2015 08:02:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ayvwRxT+rddwnsihSVTQwGNcy6G0+fbeHHIR6z+lOrs=; b=hxcu9GYpenA731DxeiSvCHYRmerJmRzzfl6KIOKbupCUT5DIHbWManD62+v2K2yZKA Nx1WjfRjLGps3hrjcqrYslngnoeed7X7dTkakwn7LcW3xY8DG19hXuHWfW5JdTM63mH1 B4DQRnCbForwFiK+0xiT8lbOpZsSJKyFKaK0+ea+3MJ28LlZ6qVxSFSD5yrg+O8WlWqQ xqunL9buGsHGfTAkpvIDEvyUraw1QzYAigomP7TLalGp3+8Im/LDSfUuKDEef5ZFBDBq hcmRVb1mtQLdTnT/rGJhtoXw7UeGoDchs3hZLC1xhEfgi+JLXrGrxk6yx17j8zWTkGjn y2JA==
MIME-Version: 1.0
X-Received: by 10.129.97.87 with SMTP id v84mr21026018ywb.56.1437836539324; Sat, 25 Jul 2015 08:02:19 -0700 (PDT)
Received: by 10.129.110.138 with HTTP; Sat, 25 Jul 2015 08:02:19 -0700 (PDT)
In-Reply-To: <CABcZeBOwO2tWa37qaNCi0scYZbEu-sCEbPoxTBS-v_Jpiz2uLw@mail.gmail.com>
References: <201507221610.27729.davemgarrett@gmail.com> <201507241257.43115.davemgarrett@gmail.com> <2164745.i4WjRk8WKj@pintsize.usersys.redhat.com> <201507241403.14071.davemgarrett@gmail.com> <20150725054622.GK4347@mournblade.imrryr.org> <55B38A47.2010002@cs.tcd.ie> <A6D81D41-6D54-4EA6-ABD3-B3C9EF05D15B@inria.fr> <CABcZeBOwO2tWa37qaNCi0scYZbEu-sCEbPoxTBS-v_Jpiz2uLw@mail.gmail.com>
Date: Sat, 25 Jul 2015 17:02:19 +0200
Message-ID: <CABkgnnXKHNcZOBr3CFH9xhmwn_fp2imj0kS-Piw=YXD3LJdcAQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-I6n3xxJsVE1_UfXTRVL6S7X-F0>
Cc: ML IETF TLS <tls@ietf.org>
Subject: Re: [TLS] ban more old crap
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jul 2015 15:02:21 -0000

On 25 July 2015 at 16:13, Eric Rescorla <ekr@rtfm.com> wrote:
> The only question is whether it's legal to concurrently offer RC4 with TLS
> 1.3
> for purposes of using RC4 with TLS 1.2 (just as you can offer AES-CBC
> even though TLS 1.3 does not support it.) I am trying to work through this
> myself, as the interactions with browser fallback are very complex.

And the strategies vary.  It might be that we don't need to worry
about this, because we might have widely disabled RC4 by the time TLS
1.3 ships.  https://ipv.sx/telemetry/rc4.html