Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)

[Alyssa Rowan <akr@akr.io>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 23/04/2014 05:09, Watson Ladd wrote:

> At some point RC4 needs to be removed. The question is now, or 
> after someone demonstrates the sort of attack that we have 
> nightmares about. Actually, given the talk about a removal path, 5
> years from now or 3 years after someone demonstrates an attack.

The only correct response to a probably-broken cipher is to turn it
off _right now_ and replace it with something better (TLSv1.2
AES-128-GCM, say).

Unless you're doing SSL/TLS for purely decorative purposes, it is
preferable that insecure endpoints are unreachable or warned about -
and are fixed - than the very real hazard that people will _go back_
and decrypt all of your sensitive traffic.

> One side or the other needs patching, preferably both. End of the 
> day we can't do anything without some actual work getting done on 
> deployed stuff.

I see a draft like this as being the writing on the wall the slowpokes
need to start getting them moving; more importantly, the writing on
the wall that we can show their auditors.

- -- 
/akr
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTV1VRAAoJEOyEjtkWi2t6HcwP/21wmOrDoR+WDeNtFWZMc1/+
qqrP9jeKkwgpUlBhXBWYabe5cf4JNv9r2McbZ6T3vtHEy7uNjhwnkZI5SFen48bU
1UqBReB9OYNU5QPB0NBhW5Mu0Cv7aKFpxYwjcZ02kQbQXv3vqAx/b9JzweUWxJVu
gA7M7EzczwGsNZIrvBcdn0T+9IgmqHXBORGDbhnGHc/QN5iSnhemtarCqNXYNTCc
sggc16wZqmZ7LtjSLSr2rsT+6nSDUnGZARHgoy5qzEIaOsRPmyiSVOVdoNdRcLjA
Q1etyRyRWuVn4k7EOdgV+f729oBGOpkn5Exuc74T/Uwyp4Hfct2j2sryxEU3ekvA
pj5QJ+s8LfNuwq4907uaYn1an3MLYoD9S5DIZeW83e7QNipalsNpOmceXgBivurT
gIMY+OKqqJ+YUeYHXut+gWH6qIHqXFI1HUQnJ1PR5fvD6S47bhnT7OofHnowncKs
m/JbT2hZJvKbSAiPZuFrwPkER8zpU5IRqUaaN6xXJvITynVHK6W8AB7x09evB9NW
/lMoTdzHfoyvp5H/hN/758oEj+ro9iMZLWYHZFOhSO0gQeHUE9rNipyu4N6UaGJ9
xg0IEJOgABQGB7DNEhfDnKHwyFTQqbQN8LVB0ESpeCBEu8KmOXEDgaGp5mqUP89t
xX1YHdHIj9foAiHMnwV7
=ZkiG
-----END PGP SIGNATURE-----