[TLS] Prohibiting RC4 Cipher Suites
Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 22 August 2013 07:35 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C990E11E80E0 for <tls@ietfa.amsl.com>; Thu, 22 Aug 2013 00:35:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IzPMmVhPV74c for <tls@ietfa.amsl.com>; Thu, 22 Aug 2013 00:35:47 -0700 (PDT)
Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) by ietfa.amsl.com (Postfix) with ESMTP id 7831F21F9FE5 for <tls@ietf.org>; Thu, 22 Aug 2013 00:35:43 -0700 (PDT)
Received: by mail-wg0-f51.google.com with SMTP id a12so1250497wgh.6 for <tls@ietf.org>; Thu, 22 Aug 2013 00:35:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=vR5GQZqPg/gDRNYlyDoTnqTR1mETxpOJV9388/j2Yrg=; b=YSF1x1llm5qq31HYueKnoUPB6VykW+nV3qP2x5M09Lay/AN/iWVWi1RpNxlH7UxNfH N9GWt1UfP4u05qqh2/LA5gfcfIyJQ86KA82WuLf0gSinDNvsjp5PEbE+D9rknNyPjorO is7+B1JxTL0qIRAkRh2fEoue669fkaUUJjksD5FcKLVrjNKVqzdNOQMyH92PlchWMuc5 8EJQQLnwhXZWa0Y/5gweDg7qrvyPV/4oT3xsOIbOsWbCykIEuRT09D3sflvP3OcqKetf ijPc40wHaYmnRC9baKBG9VY0UGs4y7w6q5xD31KNkFzwSKLPWLfvEQvMCOQ28S9OGv9g qEZQ==
X-Received: by 10.180.189.37 with SMTP id gf5mr8643119wic.31.1377156940224; Thu, 22 Aug 2013 00:35:40 -0700 (PDT)
Received: from [10.0.0.145] (46-116-127-98.bb.netvision.net.il. [46.116.127.98]) by mx.google.com with ESMTPSA id i5sm36348884wiw.7.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 22 Aug 2013 00:35:39 -0700 (PDT)
Message-ID: <5215BF4A.7020909@gmail.com>
Date: Thu, 22 Aug 2013 10:35:38 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
MIME-Version: 1.0
To: tls@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [TLS] Prohibiting RC4 Cipher Suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2013 07:35:47 -0000
Hi Andrei, Thank you for the new draft. While I agree with the motivation and with the first two recommendations (do not offer RC4, do not accept RC4 - if possible!) I disagree that it is better to completely reject a client that offers only RC4, because the intuitive fallback for Web users is simply, don't do TLS. In a world of pervasive passive surveillance (see https://www.ietf.org/mailman/listinfo/perpass) we would prefer sessions to be encrypted even if it means that an active attacker, working hard, can break into them. And yes, the is the age old "false sense of security" discussion, yet again. Thanks, Yaron <https://www.ietf.org/mailman/listinfo/perpass>
- [TLS] Prohibiting RC4 Cipher Suites Andrei Popov
- Re: [TLS] Prohibiting RC4 Cipher Suites Paterson, Kenny
- [TLS] Prohibiting RC4 Cipher Suites Yaron Sheffer
- Re: [TLS] Prohibiting RC4 Cipher Suites Andrei Popov
- Re: [TLS] Prohibiting RC4 Cipher Suites Andrei Popov
- Re: [TLS] Prohibiting RC4 Cipher Suites Yaron Sheffer
- [TLS] Prohibiting RC4 Cipher Suites Andrei Popov