Re: [TLS] TLS 1.2 Long-term Support Profile vs HTTP/2.0

Dave Garrett <davemgarrett@gmail.com> Sat, 02 April 2016 03:17 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Fri, 1 Apr 2016 23:17:18 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <9A043F3CF02CD34C8E74AC1594475C73F4C2374E@uxcn10-tdc05.UoA.auckland.ac.nz> <1459497291.3034.20.camel@redhat.com>
In-Reply-To: <1459497291.3034.20.camel@redhat.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201604012317.18650.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AK_JlZ6Zjp6FsBOlxhpY6n76vNM>
Subject: Re: [TLS] TLS 1.2 Long-term Support Profile vs HTTP/2.0

On Friday, April 01, 2016 03:54:51 am Nikos Mavrogiannopoulos wrote:
> On Wed, 2016-03-16 at 12:36 +0000, Peter Gutmann wrote:
> > After a number of, uh, gentle reminders from people who have been
> > waiting for this, I've finally got around to posting the TLS-LTS draft
> > I mentioned a while back.  It's now available as:
> > 
> > http://www.ietf.org/id/draft-gutmann-tls-lts-00.txt
> 
> I liked the idea of an LTS profile for TLS 1.2, however I just realized
> that RFC7540 [0] blacklists (with no rationale) 3 out of the 4 LTS
> ciphersuites and I'm wondering how practically useful that profile
> will be.
> 
> regards,
> Nikos
> 
> [0]. https://tools.ietf.org/html/rfc7540#appendix-A

As no such TLS 1.2 LTS existed at the time of publication (which multiple people, including myself, said would have been better), some kind of sane cipher restrictions were needed to avoid perpetual use of obsolete crypto. The consensus was requiring TLS 1.2+ with only PFS+AEAD cipher suites; however, at the last minute implementors started complaining about the requirements and it was reduced to a blacklist of non-compliant cipher suites instead of requiring them to just update their APIs to handle things properly.

Noted at the end of the section:
https://tools.ietf.org/html/rfc7540#page-94


Dave
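
Added example, not code from this thread, from RFC 7540 or from the TLS-LTS draft. It implements the two properties that the note at the end of RFC 7540 Appendix A says the black list was assembled from (an ephemeral key exchange, and an AEAD cipher rather than the null, stream or block cipher types of TLS 1.2), together with the TLS 1.2 minimum from section 9.2, and applies them to IANA-style cipher suite names. The normative rule for HTTP/2 remains the explicit Appendix A list; this is a reimplementation of its stated criteria, so it cannot reproduce quirks of the enumerated list and it has no opinion on suites registered after the RFC (the appendix itself says such suites "would not be explicitly prohibited"). The suite names below are standard IANA names; the function names and the version-tuple convention are this example's own.

```python
"""Check a TLS 1.2 cipher suite against the criteria behind RFC 7540 Appendix A.

Added example (not from the thread or the RFC). It classifies a suite by
the two properties the appendix's note names: ephemeral key exchange and
AEAD cipher. A suite lacking either property is what the black list was
built to exclude; the list itself, not this function, is normative.
"""
import re

# IANA names look like TLS_<key exchange>_WITH_<cipher>_<prf/mac>.
# Signalling values such as TLS_FALLBACK_SCSV have no _WITH_ and are
# rejected by parse_suite(); so are TLS 1.3 names, which this does not cover.
SUITE_RE = re.compile(r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<cipher>[A-Za-z0-9_]+)$")


def parse_suite(name):
    """Split an IANA cipher suite name into (key_exchange, cipher) parts."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a TLS 1.2-style cipher suite name: {name}")
    return m.group("kx"), m.group("cipher")


def has_ephemeral_kx(kx):
    """True for DHE/ECDHE key exchange (forward secrecy).

    Anonymous DH/ECDH is ephemeral as well, so it passes this criterion;
    the Appendix A criteria say nothing about authentication, which a
    deployment has to check separately. Everything else (RSA, static DH
    and ECDH, plain PSK, SRP, KRB5, NULL) is non-ephemeral.
    """
    return kx.startswith(("DHE_", "ECDHE_")) or kx.endswith("_anon")


def is_aead(cipher):
    """True for AEAD ciphers (GCM, CCM, CCM_8, ChaCha20-Poly1305).

    CBC, RC4, 3DES, NULL and the other null/stream/block ciphers of
    TLS 1.2 section 6.2.3 are not AEAD.
    """
    return "_GCM_" in cipher or "_CCM" in cipher or "CHACHA20_POLY1305" in cipher


def http2_blacklist_reasons(suite):
    """Return the Appendix A criteria the suite fails; an empty list means it passes."""
    kx, cipher = parse_suite(suite)
    reasons = []
    if not has_ephemeral_kx(kx):
        reasons.append(f"key exchange {kx} is not ephemeral")
    if not is_aead(cipher):
        reasons.append(f"cipher {cipher} is not AEAD")
    return reasons


def check_http2_tls(version, suite):
    """Apply RFC 7540 section 9.2 (TLS 1.2 minimum) and the Appendix A criteria.

    `version` is a (major, minor) tuple such as (1, 2) for TLS 1.2.
    Returns (ok, reasons).
    """
    if version < (1, 2):
        return False, [f"TLS {version[0]}.{version[1]} is below the TLS 1.2 minimum"]
    reasons = http2_blacklist_reasons(suite)
    return (not reasons), reasons


if __name__ == "__main__":
    # Constructed sample: the suite HTTP/2 makes mandatory (9.2.2), the
    # suite TLS 1.2 itself makes mandatory, and a PFS suite that a CBC
    # plus encrypt-then-MAC profile might prefer. Only the first passes.
    for ver, name in [
        ((1, 2), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
        ((1, 2), "TLS_RSA_WITH_AES_128_CBC_SHA"),
        ((1, 2), "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"),
        ((1, 2), "TLS_PSK_WITH_AES_128_GCM_SHA256"),
        ((1, 1), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ]:
        ok, why = check_http2_tls(ver, name)
        print(f"{name:45} TLS {ver[0]}.{ver[1]}: {'ok' if ok else 'excluded: ' + '; '.join(why)}")
```

The third sample line is the practical point of the thread: a forward-secret CBC suite fails only the AEAD criterion, so whatever integrity construction a TLS 1.2 profile layers on top of it, HTTP/2 still excludes it by name.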