Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)

Bill Frantz <frantz@pwpconsult.com> Wed, 23 April 2014 19:36 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/OvfvveGtuXtsHrYxnAvR9sHZSXY

On 4/22/14 at 9:09 PM, watsonbladd@gmail.com (Watson Ladd) wrote:

>One side or the other needs patching, preferably both. End of the day
>we can't do anything without some actual work getting done on deployed
>stuff. But yes, this is a good reminder that not everything is a web
>browser that calls home every week for an update.

Should we have a best practices standard for the Internet of 
Things (IoT) which provides for updating their cryptography? If 
we do, we'll quickly get into the bind of function vs. cost. If 
we don't, we probably will see LED bulbs, with their 20+ year 
life span, which are vulnerable to unauthorized control and 
therefore must be run on a closed network. That configuration 
will require a gateway through a more capable, and frequently 
updated, machine. If the LEDs are controlled through their power 
connection it will also require power line isolation. This last 
suggestion may be a nightmare for the IoT dreamers.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Truth and love must prevail  | Periwinkle
(408)356-8506      | over lies and hate.          | 16345 Englewood Ave
www.pwpconsult.com |               - Vaclav Havel | Los Gatos, CA 95032