Re: [TLS] WGLC: draft-ietf-tls-prohibiting-rc4-00

Hubert Kario <hkario@redhat.com> Fri, 08 August 2014 15:23 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Nr_Q9IaY_FgUEgfswNBliX_64Yw

----- Original Message -----
> From: "Martin Rex" <mrex@sap.com>
> To: "Hubert Kario" <hkario@redhat.com>
> Cc: mrex@sap.com, "Sean Turner" <TurnerS@ieca.com>, "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
> Sent: Friday, 8 August, 2014 4:56:58 PM
> Subject: Re: [TLS] WGLC: draft-ietf-tls-prohibiting-rc4-00
> 
> Hubert Kario wrote:
> > 
> >> There currently exists *no* known attack against the integrity
> >> protection of the TLS handshake, so this looks primarily like an
> >> attempt to promote "planned obsolescence", and a poor excuse for
> >> Microsoft to actively break interop with Windows XP (and potentially
> >> other installed base).
> > 
> > 3DES remains an option if you need to interoperate with very old
> > systems. It doesn't break interoperability with Windows XP.
> > 
> >  0 - http://blog.cloudflare.com/killing-rc4-the-long-goodbye
> 
> 
> This is the theory.
> In theory, theory and practice are the same, in practice they differ.
> 
> There seems to be stuff that breaks with TLS cipher suites that
> use padding.  This is just Windows stuff, I've also seen such
> interop problems with Java (J2SE) client (using nio it seems),
> that will simply not interop with 3DES-EDE (nor AES128-SHA),
> and RC4 is the only alternative that works.

Those are bugs, if you _need_ to work around them, then work around them,
that's what MUST means.

But don't deploy those workarounds unless you're:
 1). sure that they are needed
 2). sure that this is the only way to work around the issue

-- 
Regards,
Hubert Kario