IETF Logo Mail Archive

Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 04 October 2014 03:35 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 867491A8A66 for <tls@ietfa.amsl.com>; Fri, 3 Oct 2014 20:35:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iXEWRWN4JT1Y for <tls@ietfa.amsl.com>; Fri, 3 Oct 2014 20:35:49 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BA291A8A65 for <tls@ietf.org>; Fri, 3 Oct 2014 20:35:48 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 168DD2AB2BE; Sat, 4 Oct 2014 03:35:47 +0000 (UTC)
Date: Sat, 04 Oct 2014 03:35:47 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20141004033546.GG13254@mournblade.imrryr.org>
References: <BA2DFF33-7B0C-4E87-9C0E-215933AED88F@akr.io> <2A0EFB9C05D0164E98F19BB0AF3708C71D2F8F7E83@USMBX1.msg.corp.akamai.com> <CADMpkcJEt4e7LJAY+FsFcbyQE2x3SXsaOW3bffV4U2oN9EUKrg@mail.gmail.com> <542D850E.2060900@akr.io> <CADMpkc+Zbu64wek2HayW2tCf+d1ZYLocMp2PzXncyS=fHPDwsg@mail.gmail.com> <542DB1D4.4020601@akr.io> <20141003042418.GS13254@mournblade.imrryr.org> <CACsn0cnr49RHoNDhy=x7+Da=v4X=6rSMWKazA-ZObPTsuZnsGA@mail.gmail.com> <20141003133043.GV13254@mournblade.imrryr.org> <7BAC95F5A7E67643AAFB2C31BEE662D020DE17B869@SC-VEXCH2.marvell.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <7BAC95F5A7E67643AAFB2C31BEE662D020DE17B869@SC-VEXCH2.marvell.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/H9jPn3BO__f45y-6jgDQaYm3XNM
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Oct 2014 03:35:50 -0000

On Fri, Oct 03, 2014 at 07:46:29PM -0700, Paul Lambert wrote:

> ]Before RC4 becomes MUST NOT, it needs to first become a low priority
> ]algorithm that is used when nothing better is available.
> 
> We are overthinking the presumed interoperability concerns.

Well, I for one am not.   Disabling RC4 does more harm than good
with opportunistic TLS.  A far better approach in that case is to
de-priorioritize it.  Giving some check-list enforcing clue-less
auditor the ammunition to harass users into counter-productive
"security" measures is not my idea of progress.

> 
> A 'SHOULD NOT' recommendation is readily ignored. There is no
> clear guidance, only a suggestion.  Guidance on industry practice
> for such a feature is very important to help determine diligence
> of an implementation to follow recommended industry practice.

And yet this is the strongest recommendation appropriate at this
time.

> A 'MUST NOT', could be ignored, but installations that are audited
> for compliance to "recommended industry practice" would be dinged.
> This introduces potential liability and financial risks that would
> encourage the removal of RC4.

Not all applications face the same risks, and removing RC4 will some
applications *less* secure at least some of the time.

> 'SHOULD NOT' carries no incentive for change.

This is not the case.  Both are good reason to take action.
SHOULD NOT leaves room to consider when and how to respond.

> 'MUST NOT' provides clear guidance and incentive that will still 
> take many years to be adopted fully.

MUST NOT is overly broad and premature, we're moving from RC4 is
best to RC4 is worst too quickly, leaving too little time to reduce
the operational impact while use of RC4 is allowed to die down as
auditors nag people about the "SHOULD NOT", various tutorials and
guidelines are updated, articles are written, ...

I think I've said as much as I must and should in this thread.
Future silence will not indicate agreement with MUST NOT, rather
only that there is little new to say.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email