Re: [TLS] Prohibiting RC4 Cipher Suites

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 21 August 2013 21:13 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Andrei Popov <Andrei.Popov@microsoft.com>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 21 Aug 2013 21:13:07 +0000
Message-ID: <CE3A7A2A.9736%kenny.paterson@rhul.ac.uk>
In-Reply-To: <2a98812c79804000ad1e74557a10125a@BL2PR03MB194.namprd03.prod.outlook.com>

Andrei,

Your intro says:

"Recent cryptanalysis results [ALF] exploit biases in the RC4 keystream to
recover early portions of plaintexts."


The attacks can recover repeated plaintext from ANYWHERE in the plaintext
stream, so they are more flexible in application than your text suggests.

Another (better?) link for the attacks by AlFardan et al. is
www.isg.rhul.ac.uk/tls. The "official" USENIX link, which should be
long-lasting, is:

https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls


Best wishes

Kenny

On 21/08/2013 13:59, "Andrei Popov" <Andrei.Popov@microsoft.com> wrote:

>Hello All,
> 
>RC4 is a widely deployed cipher, which is commonly preferred by TLS
>servers: our tests show ~40% of the high-traffic HTTPS sites pick RC4 if
>IE offers this cipher. A significant percentage of web sites and e-mail
>servers have only RC4 enabled, so a client cannot altogether disable RC4
>without breaking interoperability. At the same time, attacks on RC4 are
>improving (e.g. http://www.isg.rhul.ac.uk/tls/), to the point that
>practical exploits are possible.
> 
>I have posted a new Internet-Draft "Prohibiting RC4 Cipher Suites"
>(draft-popov-tls-prohibiting-rc4-00
><http://datatracker.ietf.org/doc/draft-popov-tls-prohibiting-rc4/>) to
>deprecate the use of RC4 cipher suites in TLS.
> 
>Looking forward to comments and feedback on the draft,
> 
>Andrei Popov
>
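The keystream biases both messages refer to can be observed directly. The following added example (not part of this thread or of the AlFardan et al. work) implements plain RC4 and measures the well-known bias in the second keystream byte, Pr[Z2 = 0] close to 2/256 rather than 1/256, over many random keys; it assumes nothing beyond the standard RC4 algorithm and constructs its own random 16-byte keys.

```python
# Added example: measure the single-byte bias in RC4 keystream byte Z2.
# When the same plaintext byte is encrypted under many different keys, a
# biased keystream byte at that position skews the ciphertext distribution,
# which is the statistical foothold the attacks discussed above rely on.
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) followed by n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def measure_bias(position: int, value: int, trials: int, seed: int = 1) -> float:
    """Fraction of random 16-byte keys whose keystream byte at `position`
    (1-indexed; Z1 is the first output byte) equals `value`."""
    rng = random.Random(seed)  # seeded so the measurement is reproducible
    hits = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))  # constructed key
        if rc4_keystream(key, position)[position - 1] == value:
            hits += 1
    return hits / trials


def rc4_z2_is_biased(trials: int = 20000) -> bool:
    """True when Pr[Z2 = 0] is clearly above the uniform 1/256 (expected ~2/256)."""
    return measure_bias(2, 0, trials) > 1.4 / 256


if __name__ == "__main__":
    p = measure_bias(2, 0, 20000)
    print(f"Pr[Z2 = 0] = {p:.5f}  (uniform would be {1 / 256:.5f})")
```

Changing `position` to 1 or another value shows that Z1 has no comparable bias, which is why a single-byte check like this is a demonstration of the problem, not a substitute for the full multi-position statistics in the paper.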