Re: [TLS] WGLC: draft-ietf-tls-prohibiting-rc4-00

mrex@sap.com (Martin Rex) Fri, 08 August 2014 14:57 UTC

In-Reply-To: <291878953.27023269.1407506349223.JavaMail.zimbra@redhat.com>
To: Hubert Kario <hkario@redhat.com>
Date: Fri, 08 Aug 2014 16:56:58 +0200
From: mrex@sap.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Ghj6OcHwY5VxyTjUKwgihSD2zes
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] WGLC: draft-ietf-tls-prohibiting-rc4-00

Hubert Kario wrote:
> 
>> There currently exists *no* known attack against the integrity
>> protection of the TLS handshake, so this looks primarily like an
>> attempt to promote "planned obsolescence", and a poor excuse for
>> Microsoft to actively break interop with Windows XP (and potentially
>> other installed base).
> 
> 3DES remains an option if you need to interoperate with very old
> systems. It doesn't break interoperability with Windows XP.
> 
>  0 - http://blog.cloudflare.com/killing-rc4-the-long-goodbye


This is the theory.
In theory, theory and practice are the same; in practice, they differ.

There seems to be stuff that breaks with TLS cipher suites that
use padding.  This is just Windows stuff; I've also seen such
interop problems with a Java (J2SE) client (using nio, it seems)
that will simply not interop with 3DES-EDE (nor AES128-SHA),
and RC4 is the only alternative that works.

-Martin