Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

"Salz, Rich" <rsalz@akamai.com> Tue, 21 October 2014 05:58 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>, Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 21 Oct 2014 01:58:23 -0400
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C495B@USMBX1.msg.corp.akamai.com>
References: <20141001231254.5238.71176.idtracker@ietfa.amsl.com> <20141004033546.GG13254@mournblade.imrryr.org> <20141002175446.6EB7B1AEA6@ld9781.wdf.sap.corp> <54B025040D4F68B1E49919B8@nifty-silver.us.oracle.com> <CAOgPGoCnbHHa-PVUpyon4gp-UHZo622Y3M2fQHLWwuNv8vKnvg@mail.gmail.com> <cce9c5f96fe944d5b4f6007d1c4a1bb2@BL2PR03MB419.namprd03.prod.outlook.com>, <CACsn0cmKojpfZFkaM8OBTZEpL0u_KFr6JEvHykm7uYE5UwRDLQ@mail.gmail.com> <1413868526423.88894@microsoft.com>
In-Reply-To: <1413868526423.88894@microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Gv8qB8cKF6FkrIUnhBoS9T4V0B4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

> Chris's language reads weaker than the TLS BCP, but if folks want to pursue
> this, that's up to the WG. My point is that this should be a different I-D,
> because it does not amount to "prohibiting RC4".

+1

Kill RC4 or put our face on it and face the public embarrassment.

It is clearly a best practice to not use RC4. Sure, some clients and servers have no choice and have to do so. So what? The Internet is full of systems that do not follow best practices. That should not change what the "best" practice is.