Re: [TLS] NULL cipher to become a MUST NOT in UTA BCP

Nico Williams <nico@cryptonector.com> Wed, 03 September 2014 20:07 UTC

Date: Wed, 03 Sep 2014 15:07:17 -0500
From: Nico Williams <nico@cryptonector.com>
To: Ralph Holz <holz@net.in.tum.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/9dXMt5Azf-Xo7yOPwjp4Ooq42GM
Cc: "tls@ietf.org" <tls@ietf.org>

On Wed, Sep 3, 2014 at 2:49 PM, Ralph Holz <holz@net.in.tum.de> wrote:
> Good day,
>
>>> MUST NOT is correct. Nowhere does RFC2119 say that the term
>>> deployment equals implementation in code.
>>
>> Misunderstanding of the RFC, IMHO.
>
> You will need to give evidence if you want others to follow your argument.

Ralph,

Uri is quite right.  You really should read RFC2119.  Here's the money quote:

2. MUST NOT   This phrase, or the phrase "SHALL NOT", mean that the
   definition is an absolute prohibition of the specification.

There is absolutely no hedging there.  There is no more evidence to
post, really.  What more could you need?  "absolute prohibition" is as
clear as it gets.

Nico
--