Re: [TLS] Prohibiting RC4 Cipher Suites

Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 23 August 2013 10:33 UTC

Hi Andrei,

Of course current Web browsers all support better ciphersuites. But 
there is huge diversity here: people may have very old browsers and are 
not allowed or cannot install newer versions. Or people may be using old 
kiosks that are totally out of their control. Or admins may have set up 
a silly group policy and users are stuck with it.

And in general, many people (most people?) will do what comes easier 
rather than what makes sense from a security point of view. We should 
maximize the security of users, even if they're acting stupidly.

Thanks,
	Yaron

On 2013-08-23 02:24, Andrei Popov wrote:
> Hi Yaron,
>
> Thanks for the feedback.
>
> Are there any major web browsers that only support RC4? I am not aware of any.
>
> Arguably, the common fallback for web users is to install a different browser, rather than try to find a non-TLS service (which is not always an available option).
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Yaron Sheffer
> Sent: Thursday, August 22, 2013 12:36 AM
> To: tls@ietf.org
> Subject: [TLS] Prohibiting RC4 Cipher Suites
>
> Hi Andrei,
>
> Thank you for the new draft. While I agree with the motivation and with the first two recommendations (do not offer RC4, do not accept RC4 - if possible!) I disagree that it is better to completely reject a client that offers only RC4, because the intuitive fallback for Web users is simply, don't do TLS. In a world of pervasive passive surveillance (see https://www.ietf.org/mailman/listinfo/perpass), we would prefer sessions to be encrypted even if it means that an active attacker, working hard, can break into them. And yes, this is the age-old "false sense of security" discussion, yet again.
>
> Thanks,
>       Yaron