Re: [TLS] ban more old crap
Eric Rescorla <ekr@rtfm.com> Sat, 25 July 2015 14:14 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 25 Jul 2015 16:13:39 +0200
Message-ID: <CABcZeBOwO2tWa37qaNCi0scYZbEu-sCEbPoxTBS-v_Jpiz2uLw@mail.gmail.com>
To: Benjamin Beurdouche <benjamin.beurdouche@inria.fr>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/5QSLUcMyfiKC3XkN9qcCRo9a7KU>
Cc: ML IETF TLS <tls@ietf.org>
Subject: Re: [TLS] ban more old crap
To be clear: TLS 1.3 does not support RC4. The only question is whether it's legal to concurrently offer RC4 with TLS 1.3 for purposes of using RC4 with TLS 1.2 (just as you can offer AES-CBC even though TLS 1.3 does not support it.) I am trying to work through this myself, as the interactions with browser fallback are very complex.

-Ekr

On Sat, Jul 25, 2015 at 3:41 PM, Benjamin Beurdouche <benjamin.beurdouche@inria.fr> wrote:

>
> > On 25/07/15 06:46, Viktor Dukhovni wrote:
> >> I hope, that by ~2017, RC4 will no longer be required either, and
> >> we'll be able to disable RC4 in Postfix at that time.
> >
> > Seems to me that should be a reasonable match for expecting to see
> > TLS1.3 getting deployed in lots of parts of the mail infrastructure,
> > so that date would argue to not support rc4 at all in TLS1.3 in my
> > conclusion (not that I know much about mail deployment trends).
> >
> > And if we have any support for rc4 in TLS1.3 it'll end up a footgun
> > that'll damage many toes, so count me amongst those arguing for no
> > rc4 (or similar) at all in TLS1.3.
>
> +1, though, my understanding was that RC4 was already out of TLS 1.3..
> In general I think we could all agree that we should never keep broken
> stuff in TLS even if it is used a lot…
>
> Best,
> B.
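A toy model of the negotiation Ekr describes, added here as an illustration rather than code from the thread or from any IETF implementation: TLS 1.3 suites are separate code points, so RC4 suites in a ClientHello are never selectable at TLS 1.3, but they are reachable once the server negotiates TLS 1.2, unless the server's local policy (the hypothetical `banned` set below) refuses them. The code points are the IANA-registered values; the version-selection logic stands in for the `supported_versions` extension.

```python
# Added example (not from the thread): toy server-side version and cipher
# suite selection. Code points are IANA values; the ban policy is hypothetical.

TLS12, TLS13 = 0x0303, 0x0304

# code point -> (name, protocol the suite is defined for, bulk cipher)
SUITES = {
    0x1301: ("TLS_AES_128_GCM_SHA256", TLS13, "AES-GCM"),
    0x1303: ("TLS_CHACHA20_POLY1305_SHA256", TLS13, "CHACHA20"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", TLS12, "AES-GCM"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", TLS12, "AES-CBC"),
    0xC011: ("TLS_ECDHE_RSA_WITH_RC4_128_SHA", TLS12, "RC4"),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", TLS12, "RC4"),
}

def choose_version(client_versions, server_versions):
    """Highest version both sides support (supported_versions logic), or None."""
    common = set(client_versions) & set(server_versions)
    return max(common) if common else None

def select_suite(offered, version, banned=frozenset()):
    """First offered suite (client preference order) valid at `version`.

    TLS 1.3 suites are distinct code points from TLS 1.2 ones, so at TLS 1.3
    every legacy suite in the offer is skipped; only at TLS 1.2 can RC4 or
    AES-CBC be chosen. `banned` is the server's local never-negotiate set.
    """
    for cp in offered:
        entry = SUITES.get(cp)
        if entry is None:
            continue  # unknown code point: a server ignores it
        name, proto, cipher = entry
        if proto == version and cipher not in banned:
            return name
    return None

def negotiate(offered, client_versions, server_versions, banned=frozenset()):
    """Return (version, suite name) the server would pick, or (None, None)."""
    version = choose_version(client_versions, server_versions)
    if version is None:
        return None, None
    return version, select_suite(offered, version, banned)

# Constructed ClientHello: TLS 1.3 suites first, then TLS 1.2 suites with RC4
# listed ahead of AES (the ordering a legacy-compatible client might send).
OFFER = [0x1301, 0x1303, 0xC011, 0xC02F, 0xC013]
CLIENT_VERSIONS = [TLS13, TLS12]

if __name__ == "__main__":
    print(negotiate(OFFER, CLIENT_VERSIONS, [TLS13, TLS12]))           # TLS 1.3, AES-GCM
    print(negotiate(OFFER, CLIENT_VERSIONS, [TLS12]))                  # fallback: RC4 chosen
    print(negotiate(OFFER, CLIENT_VERSIONS, [TLS12], banned={"RC4"}))  # fallback, RC4 refused
```

The second call is the footgun the thread worries about: the same offer that is harmless against a TLS 1.3 server yields RC4 against a TLS 1.2-only server, so the mitigation has to live in the 1.2 branch (a ban list or removing the suites from the offer), not in TLS 1.3 itself.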