Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Watson Ladd <watsonbladd@gmail.com> Thu, 02 October 2014 01:23 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DB581A8883 for <tls@ietfa.amsl.com>; Wed, 1 Oct 2014 18:23:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQPDITPTNSrc for <tls@ietfa.amsl.com>; Wed, 1 Oct 2014 18:23:48 -0700 (PDT)
Received: from mail-yk0-x22c.google.com (mail-yk0-x22c.google.com [IPv6:2607:f8b0:4002:c07::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FCCB1A8887 for <tls@ietf.org>; Wed, 1 Oct 2014 18:23:48 -0700 (PDT)
Received: by mail-yk0-f172.google.com with SMTP id 19so690621ykq.31 for <tls@ietf.org>; Wed, 01 Oct 2014 18:23:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=RA7eT8x7+v2n0rpTOP1oa3ozlWkKKz+dXCMXB1boSfA=; b=CDE2LEVFT662G+HIkhyLzOBH0Oz6GH9nlnJB/2EAHUchJmlWdN1Cg0tQeD7QmU+uNg ma6Y3Il9PnyYtT9JQwc3wNChIQwaFvjbW3jXVSXvF0J6FI+GM3l/e6OeB3CkN4mplFOJ rLu4sAPBz8puTwbqXl2QhU9bztv7ABW+Fl+viwBkANQZAGy2BhOyB585qLZamB8MAbW8 Uhk8IYDLfVc0mN+cTqTzn+Fc+YFubKBNVt2ol3QaytvmStqxhI/5TasizNGMGW6i3eLQ nEcu1WNul0fD5xWDUxiH+j6EQ8fhAt0hCJJiUJIrzbd565WwPJU+NeEoHtpopcOBOA3a My3Q==
MIME-Version: 1.0
X-Received: by 10.236.160.225 with SMTP id u61mr85159862yhk.4.1412213027703; Wed, 01 Oct 2014 18:23:47 -0700 (PDT)
Received: by 10.170.207.216 with HTTP; Wed, 1 Oct 2014 18:23:47 -0700 (PDT)
In-Reply-To: <20141002005804.2760C1AE9D@ld9781.wdf.sap.corp>
References: <20141001231254.5238.71176.idtracker@ietfa.amsl.com> <20141002005804.2760C1AE9D@ld9781.wdf.sap.corp>
Date: Wed, 01 Oct 2014 18:23:47 -0700
Message-ID: <CACsn0ckKg_BTFi8=ut9ufRMvUP2HCAsfV-Z=Uib+i2JwgNNdKw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "mrex@sap.com" <mrex@sap.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/PBkQzapSG87pnEsZ7fTSzQZFkQw
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Oct 2014 01:23:50 -0000

On Wed, Oct 1, 2014 at 5:58 PM, Martin Rex <mrex@sap.com> wrote:
> internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>>
>>       Title           : Prohibiting RC4 Cipher Suites
>>       Author          : Andrei Popov
>>       Filename        : draft-ietf-tls-prohibiting-rc4-01.txt
>
>
> The list of cipher suites in that document should better include
> the cipher suite code points!  The code points are unique and unambiguous,
> whereas the artificial symbolic names vary greatly among implementations

The symbolic names are in the IANA registry alongside the codepoints,
and are easier to transcribe correctly. These are not implementation
dependent.

Sincerely,
Watson Ladd

>
> -Martin
>
> PS: I still object to the MUST fail requirement to the server.
>     It is not just plain silly it is also incompatible with
>     rfc2119 section 6.  In many situations, the risk in accepting
>     a TLS session with RC4 as a last resort for interop will be
>     quite managable and pretty close to negligible.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin