Re: [TLS] RC4 depreciation path (Re: Deprecating more (DSA?))
Kurt Roeckx <kurt@roeckx.be> Sat, 19 April 2014 13:10 UTC
Return-Path: <kurt@roeckx.be>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71BD21A0201 for <tls@ietfa.amsl.com>; Sat, 19 Apr 2014 06:10:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T5zPqyBn_e42 for <tls@ietfa.amsl.com>; Sat, 19 Apr 2014 06:10:26 -0700 (PDT)
Received: from defiant.e-webshops.eu (defiant.e-webshops.eu [82.146.122.140]) by ietfa.amsl.com (Postfix) with ESMTP id 8CDAE1A01FB for <tls@ietf.org>; Sat, 19 Apr 2014 06:10:25 -0700 (PDT)
Received: from intrepid.roeckx.be (localhost [127.0.0.1]) by defiant.e-webshops.eu (Postfix) with ESMTP id F17F51C2121; Sat, 19 Apr 2014 15:10:19 +0200 (CEST)
Received: by intrepid.roeckx.be (Postfix, from userid 1000) id BCC8D1FE0214; Sat, 19 Apr 2014 15:10:19 +0200 (CEST)
Date: Sat, 19 Apr 2014 15:10:19 +0200
From: Kurt Roeckx <kurt@roeckx.be>
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <20140419131019.GA29561@roeckx.be>
References: <CACsn0cnZFScA1WnitpHH--6_Kd0spfLQvmvniyCSnUmvr8xVhg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACsn0cnZFScA1WnitpHH--6_Kd0spfLQvmvniyCSnUmvr8xVhg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Ot10GOJlxA0SLUcTTh2VOO_1iso
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RC4 depreciation path (Re: Deprecating more (DSA?))
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Apr 2014 13:10:32 -0000
On Fri, Apr 18, 2014 at 11:03:44PM -0700, Watson Ladd wrote: > On Thu, Apr 17, 2014 at 9:15 AM, Brian Sniffen <bsniffen@akamai.com> wrote: > > Alyssa Rowan <akr@akr.io> writes: > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA512 > >> > >> It looks like RC4 is rapidly heading for the chopping block, with > >> basically unanimous consensus. Good. > > > > Agreed, mod Martin's proposal that I understand to ask for a reasonable > > path by which we strongly deprecate RC4 on clients, then after a client > > generation ban RC4 on clients and deprecate for servers. > > I don't think this is the correct path. I think what we should do is > have clients and servers both prefer other options (in all TLS > versions), then once that change is made, ban it entirely. Deprecation > on one side won't affect the other side if there isn't an alternative > mandated. (Right now RC4 only servers are keeping RC4 alive). > > This first step has already happened in the web context on modern > browsers. What we need is to make the server side step happen, and > then think about removal in the second step. > > Sadly, our ability to force upgrades is very limited. And I think publishing an RFC isn't actually really going to help much. Yes, people could use it tell others that it's deprecated, but I think there are already more than enough places that say so that having this RFC isn't really going to make a difference. I do agree that we need to try to get both sides to stop using it, and I wish we could just tell people to stop using it and that they would do so. But I don't see either the server or the client side wanting to break things. It would clearly help if they could say at which point they wouldn't mind breaking things. So I think that for now the best we can do is: - Servers should either stop accepting RC4 or make sure that if the clients supports something better (TLS >= 1.1?) it should not pick RC4. It's my understanding that the client preferences of ciphers should be used but that servers can override that, and that there might be good reasons to do so. For instance to get PFS when talking to Internet Explorer. If they override it, they should make sure not to put RC4 first. Basically, a mondern client should never get RC4. - Clients should not announce support for RC4 in their initial connection attempt, and only fall back to support it when the server says that there are no common ciphers. (I'm not sure if a MITM can fake that response or not.) At some point in time when the clients or servers think that they don't need to support RC4 anymore they should disable it. Kurt
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Bill Frantz
- [TLS] RC4 depreciation path (Re: Deprecating more… Watson Ladd
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Kurt Roeckx
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Ilari Liusvaara
- Re: [TLS] RC4 deprecation path (Re: Deprecating m… Michael D'Errico
- Re: [TLS] RC4 deprecation path (Re: Deprecating m… Kurt Roeckx
- Re: [TLS] RC4 deprecation path (Re: Deprecating m… Yoav Nir
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Fabrice
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Yoav Nir
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Kurt Roeckx
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Watson Ladd
- [TLS] RC4 Considered Harmful (Was: RC4 deprecatio… Alyssa Rowan
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Yoav Nir
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Yoav Nir
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Watson Ladd
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Alyssa Rowan
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Jacob Appelbaum
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… David Holmes
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Martin Rex
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Watson Ladd
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Alyssa Rowan
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Martin Rex
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Martin Rex
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Watson Ladd
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Paterson, Kenny
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Paterson, Kenny
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Salz, Rich
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Paterson, Kenny
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Yoav Nir
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Geoffrey Keating
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Martin Rex
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Paterson, Kenny
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Marsh Ray
- Re: [TLS] RC4 Considered Harmful (Was: RC4 deprec… Martin Rex
- Re: [TLS] RC4 depreciation path (Re: Deprecating … Kurt Roeckx