Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 03 October 2014 16:25 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/6PYKySpKEml8yI1HQQuYMOTh3go

Alyssa Rowan <akr@akr.io> writes:

>As I've pointed out, if you're forced into backwards compatibility with rusty
>legacy, 3DES is, though crappy, a less crappy choice than RC4.
>
>As Rich points out, just because legacy devices are indeed out there doesn't
>mean that they do TLS safely, and doesn't mean we shouldn't prohibit unsafe
>practice like using weak ciphers.

It's not just TLS implementations, you also need to look at the surrounding
infrastructure.  For example Microsoft's NDES (Network Device Enrolment
Service) hardcodes in MD5 to authenticate certs (via cert fingerprints) and
single DES (not 3DES, single DES) for "protection" of messages (even if you
send in a request using AES, the response comes back using single DES).  In
other words the most modern algorithm in there is more than twenty years old,
and it's broken.  So it doesn't matter how secure the TLS implementation is if
the certs used to control it are being "protected" with broken crypto.

Peter.
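A defender-side check that illustrates the point above, added here and not part of Peter's message, of NDES, or of any SCEP client: it walks a DER-encoded blob (such as a SCEP/CMS response) and reports every algorithm OID it recognises as weak, so single DES or MD5 in a response can be flagged rather than silently accepted. The sample blobs are constructed for the example; the OID table is the well-known PKCS/NIST assignments.

```python
# Flag weak algorithm identifiers inside a DER blob (e.g. a SCEP/CMS response).
# Added example; the sample blobs below are constructed, not captured from NDES.

# Dotted OID -> (name, considered weak?)
KNOWN_OIDS = {
    "1.3.14.3.2.7": ("desCBC", True),               # single DES
    "1.2.840.113549.2.5": ("md5", True),            # MD5 digest
    "1.2.840.113549.3.7": ("des-ede3-cbc", False),  # 3DES: legacy, not flagged here
    "2.16.840.1.101.3.4.1.2": ("aes128-CBC", False),
    "2.16.840.1.101.3.4.2.1": ("sha256", False),
}

def decode_oid(body: bytes) -> str:
    """Decode the contents octets of a DER OBJECT IDENTIFIER into dotted form."""
    subids, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends this sub-identifier
            subids.append(value)
            value = 0
    first = subids[0]             # first two arcs are packed into one sub-identifier
    arcs = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])

def iter_oids(der: bytes):
    """Walk DER TLVs recursively and yield every OBJECT IDENTIFIER found."""
    pos = 0
    while pos < len(der):
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:         # long-form length: next n bytes hold the length
            n = length & 0x7F
            length = int.from_bytes(der[pos:pos + n], "big")
            pos += n
        body = der[pos:pos + length]
        pos += length
        if tag == 0x06:
            yield decode_oid(body)
        elif tag & 0x20:          # constructed (SEQUENCE, SET, context tags): recurse
            yield from iter_oids(body)

def weak_algorithms(der: bytes) -> list:
    """Return the names of weak algorithms whose OIDs appear anywhere in the blob."""
    return [KNOWN_OIDS[o][0] for o in iter_oids(der) if o in KNOWN_OIDS and KNOWN_OIDS[o][1]]

def der(tag: int, body: bytes) -> bytes:
    """Encode one short-form DER TLV; enough to build the constructed samples."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

# Constructed samples: AlgorithmIdentifiers as they appear in EnvelopedData/SignedData.
DES_ALGID = der(0x30, der(0x06, bytes.fromhex("2b0e030207")) + der(0x04, bytes(8)))
MD5_ALGID = der(0x30, der(0x06, bytes.fromhex("2a864886f70d0205")) + der(0x05, b""))
AES_ALGID = der(0x30, der(0x06, bytes.fromhex("608648016503040102")) + der(0x04, bytes(16)))
SHA256_ALGID = der(0x30, der(0x06, bytes.fromhex("608648016503040201")) + der(0x05, b""))
SAMPLE_DES_RESPONSE = der(0x30, DES_ALGID + MD5_ALGID)   # what the mail describes
SAMPLE_AES_RESPONSE = der(0x30, AES_ALGID + SHA256_ALGID)  # a modern response
```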