Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 09 September 2013 15:21 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99BD221F9E9F for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 08:21:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2pbUN7Espf8X for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 08:21:27 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 248FE21E8200 for <tls@ietf.org>; Mon, 9 Sep 2013 08:10:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 77DC5BE4D; Mon, 9 Sep 2013 16:10:09 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2VPswBMHKN30; Mon, 9 Sep 2013 16:10:09 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 55249BE2F; Mon, 9 Sep 2013 16:10:09 +0100 (IST)
Message-ID: <522DE4D2.4020403@cs.tcd.ie>
Date: Mon, 09 Sep 2013 16:10:10 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: Yaron Sheffer <yaronf.ietf@gmail.com>
References: <20130907224638.32356.96972.idtracker@ietfa.amsl.com> <522C3497.9020301@gmail.com>
In-Reply-To: <522C3497.9020301@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 15:21:39 -0000

Hi Yaron,

Thanks for doing this. I hope the WG adopt this and
process it quickly.

A few comments:

1) Given recent news, I think section 2 should describe why
PFS is a good thing and should say a bit about how server
private keys can be exposed (e.g. someone hacks into
server and copies a private key file, or gets keys from
a decommissioned server), and the consequences that flow
if non-PFS ciphersuites are used.

2) I think an appendix or section that shows how to configure
a server to prefer whatever ciphersuite configurations end
up as recommended would be very valuable. I realise that that
would be server specific but it should be easy enough to get
for the most popular server or the two most popular. While
that information is already available on the web, and will
go out of date, its finicky stuff so it'd be good to make
all this easier for a site admin who reads the RFC in
the next couple of years.

3) Similarly, saying how to turn off ciphersuites that you
don't want and which those are might be useful.

4) I also think it'd be good to give recommendations for
older versions of TLS (and maybe SSL) that are still
widely deployed, even though TLS 1.2 will have better
options and the overall recommendation is to use a
1.2 ciphersuite.

5) I agree with the point raised by Patrick that some
guidance about reasonable key lengths/strengths would
be good where its needed. I'd be ok with that being in
the non-normative bit where you show how to configure
stuff and/or in the security considerations.

Some text related to a number of the above points can be
found via the links in a mail that Patrick Pelletier [1]
sent to the perpass list.

Cheers,
S.

[1] http://www.ietf.org/mail-archive/web/perpass/current/msg00062.html


On 09/08/2013 09:25 AM, Yaron Sheffer wrote:
> This is an early version of my proposal for a BCP-like document, to
> inform the industry on what can be done with existing implementations,
> while TLS 1.3 is still not ready.
> 
> I would appreciate your comments of course. Specifically,
> I would like to fill in the Implementation Status table (Sec. 5) and
> would be glad to receive solid information (dates, planned dates,
> version numbers) from implementers.
> 
> Thanks,
>     Yaron
> 
> -------- Original Message --------
> Subject: New Version Notification for draft-sheffer-tls-bcp-00.txt
> Date: Sat, 07 Sep 2013 15:46:38 -0700
> From: internet-drafts@ietf.org
> To: Yaron Sheffer <yaronf.ietf@gmail.com>
> 
> 
> A new version of I-D, draft-sheffer-tls-bcp-00.txt
> has been successfully submitted by Yaron Sheffer and posted to the
> IETF repository.
> 
> Filename:     draft-sheffer-tls-bcp
> Revision:     00
> Title:         Recommendations for Secure Use of TLS and DTLS
> Creation date:     2013-09-08
> Group:         Individual Submission
> Number of pages: 8
> URL: http://www.ietf.org/internet-drafts/draft-sheffer-tls-bcp-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-sheffer-tls-bcp
> Htmlized:        http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
> 
> 
> Abstract:
>    Over the last few years there have been several serious attacks on
>    TLS, including attacks on its most commonly used ciphers and modes of
>    operation.  This document offers recommendations on securely using
>    the TLS and DTLS protocols, given existing standards and
>    implementations.
> 
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>