Re: [TLS] WGLC: draft-ietf-tls-prohibiting-rc4-00

Hubert Kario <hkario@redhat.com> Fri, 08 August 2014 13:59 UTC

Date: Fri, 8 Aug 2014 09:59:09 -0400 (EDT)
From: Hubert Kario <hkario@redhat.com>
To: mrex@sap.com
Message-ID: <291878953.27023269.1407506349223.JavaMail.zimbra@redhat.com>
In-Reply-To: <20140808133628.7C9931ADFC@ld9781.wdf.sap.corp>
References: <20140808133628.7C9931ADFC@ld9781.wdf.sap.corp>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KEbjaMHK-9ck98FRWFRZ1egi0WI
Cc: "TLS@ietf.org \(tls@ietf.org\)" <tls@ietf.org>
Subject: Re: [TLS] WGLC: draft-ietf-tls-prohibiting-rc4-00

----- Original Message -----
> From: "Martin Rex" <mrex@sap.com>
> To: "Sean Turner" <TurnerS@ieca.com>
> Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
> Sent: Friday, 8 August, 2014 3:36:28 PM
> Subject: Re: [TLS] WGLC: draft-ietf-tls-prohibiting-rc4-00
> 

> Especially in the Web, where access to information is often available
> through HTTP and HTTPS, a policy like the above (when adopted) would
> cause MORE communication to be performed in plaintext.

According to CloudFlare[0], basically no web clients support just RC4.
During their test 0.0009% of visitors connected using RC4 after their
servers placed RC4 last in the cipher order.

> There currently exists *no* known attack against the integrity
> protection of the TLS handshake, so this looks primarily like an
> attempt to promote "planned obsolescence", and a poor excuse for
> Microsoft to actively break interop with Windows XP (and potentially
> other installed base).

3DES remains an option if you need to interoperate with very old
systems. It doesn't break interoperability with Windows XP.

[0] http://blog.cloudflare.com/killing-rc4-the-long-goodbye

-- 
Regards,
Hubert Kario
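The measurement cited above (demote RC4 to the end of the server's cipher order, then count how many clients still negotiate it) can be reproduced from ordinary access logs. The script below is an added example, not code from this thread or from CloudFlare; it assumes nginx-style log lines ending in "$ssl_protocol $ssl_cipher" with OpenSSL cipher names, and the sample lines are constructed.

```python
# Added example: measure the share of connections that still negotiate RC4
# (and, separately, 3DES) once RC4 has been demoted in the server's cipher
# order. Assumes nginx-style lines ending in "$ssl_protocol $ssl_cipher".
import re
from collections import Counter

# Constructed sample log lines; cipher names are OpenSSL cipher names.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Aug/2014:13:59:09 +0000] "GET / HTTP/1.1" 200 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
203.0.113.6 - - [08/Aug/2014:13:59:10 +0000] "GET / HTTP/1.1" 200 TLSv1 RC4-SHA
203.0.113.7 - - [08/Aug/2014:13:59:11 +0000] "GET / HTTP/1.1" 200 TLSv1 DES-CBC3-SHA
203.0.113.8 - - [08/Aug/2014:13:59:12 +0000] "GET / HTTP/1.1" 200 TLSv1.2 ECDHE-RSA-AES256-SHA384
203.0.113.9 - - [08/Aug/2014:13:59:13 +0000] "GET / HTTP/1.1" 200 TLSv1.1 AES128-SHA
"""

# Protocol token followed by the negotiated cipher at the end of the line.
LINE_RE = re.compile(r'(?P<proto>TLSv1(?:\.[0-9])?|SSLv3)\s+(?P<cipher>\S+)\s*$')


def classify(cipher: str) -> str:
    """Bucket an OpenSSL cipher name by its bulk cipher."""
    name = cipher.upper()
    if "RC4" in name:
        return "rc4"
    if "3DES" in name or "DES-CBC3" in name:
        return "3des"
    if "AES" in name or "CHACHA20" in name:
        return "modern"
    return "other"


def cipher_share(log_text: str) -> dict:
    """Return per-bucket connection counts and the RC4 share in percent."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # plain-HTTP or malformed entry: not a TLS negotiation
        counts[classify(m.group("cipher"))] += 1
    total = sum(counts.values())
    rc4_pct = 100.0 * counts["rc4"] / total if total else 0.0
    return {"total": total, "buckets": dict(counts), "rc4_percent": rc4_pct}


if __name__ == "__main__":
    print(cipher_share(SAMPLE_LOG))
```

Run it over a real log after demoting RC4; a 3DES bucket that is non-empty while the RC4 bucket is near zero is the situation the message describes.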