Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Alyssa Rowan <akr@akr.io> Thu, 02 October 2014 20:13 UTC

Message-ID: <542DB1D4.4020601@akr.io>
Date: Thu, 02 Oct 2014 21:13:08 +0100
From: Alyssa Rowan <akr@akr.io>
To: "tls@ietf.org" <tls@ietf.org>
References: <20141002005804.2760C1AE9D@ld9781.wdf.sap.corp> <BA2DFF33-7B0C-4E87-9C0E-215933AED88F@akr.io> <2A0EFB9C05D0164E98F19BB0AF3708C71D2F8F7E83@USMBX1.msg.corp.akamai.com> <CADMpkcJEt4e7LJAY+FsFcbyQE2x3SXsaOW3bffV4U2oN9EUKrg@mail.gmail.com> <542D850E.2060900@akr.io> <CADMpkc+Zbu64wek2HayW2tCf+d1ZYLocMp2PzXncyS=fHPDwsg@mail.gmail.com>
In-Reply-To: <CADMpkc+Zbu64wek2HayW2tCf+d1ZYLocMp2PzXncyS=fHPDwsg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/RMtn1PD5XiajIJ9p5mmsABBE4dU

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/10/2014 20:13, Bodo Moeller wrote:
>> No, not sure I follow your reasoning here:
> If you're not using TLS 1.2 but an earlier protocol version, then 
> obviously backwards compatibility is of concern (and there's
> really no non-crappy cipher suite available).

Then reasonable behaviour would be to choose the least weak cipher
available that's still sort of acceptable¹?

RC4 is not sort of acceptable. It's not even the least weak.

> It seems that you can get by without RC4 when using TLS 1.2, but 
> obviously sites do still see a need to support RC4 with older 
> protocol versions.

And this is _exactly_ the behaviour that we're warning needs to stop ASAP.

This isn't some compatibility kludge. This is a weak cipher.

___
[1] And _definitely_ issue the fallback SCSV, in case you're being
tricked into using weak with a new client when you could use strong.

- -- 
/akr
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJULbHUAAoJEOyEjtkWi2t68ssQAKx0jHP+sNjv5TrkOHUZqyqw
WPikAVKj2t/rjOK62asCpPwrgq5H3SK1OVdAVoA+QHaQDQZfZvIs9XYuaKctbps8
fd6Sl91qnOXzrSnXXno79ujOFhshKJ8wU6eDJjo7Hpfo+FL2PVVB/GmfsZ/UQD7y
ieQzsva+8lzD7bvDJ3AGQ6Pp0gKxUlihNmnFLoGWMNFXUOgMzMbmBzXxKi0Wck4N
2pP2gdgdYvfDkXxTGLrhjQj08eiSlCPnz42NW4GPlA9U1piW0ugOV4ZDusvaSAFW
tHznRfv1RhJl4K85vl0AKGjlAUFcoP2j+N3uQek65ksw/1LoUUlpDtLIj1//et4r
4WThorRRHwni7UohxLBP2QC558evu+Gsl4gYvuMhcjOWdE5GazM6777rocKOThYV
LOhaaR5OZpuQk6BXa8K6Uvdj029DgAstFIYM7QulyXbOBYzMV00DBTcDgJmzHjul
B+XxpqvuQCMA9kufdWFcXvOnBxlgaqFnjiGRO5GH3fvIgPCVqkYvfnO2NS4qLHMe
OvBmYWz22lR+w8/p6OQIttxw/DoRPPzXlCnljZWOLmAlocdOrmT7zyVPcan7iGR+
jfTQNiZ9SJyjXQs41kYaoJbTKJrDK+LAL7kwQkWUpFuIYaMLHZPyxMo+QlNN1W9L
dTj4k3+yRjX8BX6NIqmG
=3Wem
-----END PGP SIGNATURE-----
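The two behaviours argued about above, a server that picks the least weak suite a pre-TLS 1.2 client offers rather than RC4, and a server that honours the fallback SCSV, can be modelled in a few lines. The following is an added example, not code from this message, from the draft, or from any TLS implementation: a deliberately simplified server-side selection routine. The version and cipher-suite code points are the registered IANA values and the alert names are those of RFC 5246 and RFC 7507 (the draft under discussion was later published as RFC 7465); `select()`, `outcome()`, the server preference list and the ClientHellos in `main()` are constructed for illustration and ignore everything else a real server checks (certificate type, curves, signature algorithms).

```python
# Added example: simplified server-side cipher-suite selection that never
# selects RC4 on any protocol version and enforces TLS_FALLBACK_SCSV.
# Code points are IANA values; the selection logic and sample ClientHellos
# below are constructed for illustration, not taken from any implementation.

TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303

RSA_RC4_128_SHA              = 0x0005
RSA_3DES_EDE_CBC_SHA         = 0x000A
RSA_AES_128_CBC_SHA          = 0x002F
ECDHE_RSA_RC4_128_SHA        = 0xC011
ECDHE_RSA_AES_128_CBC_SHA    = 0xC013
ECDHE_RSA_AES_128_GCM_SHA256 = 0xC02F
TLS_FALLBACK_SCSV            = 0x5600   # RFC 7507 signalling value, never negotiated

SUITE_NAMES = {
    RSA_RC4_128_SHA: "TLS_RSA_WITH_RC4_128_SHA",
    RSA_3DES_EDE_CBC_SHA: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    RSA_AES_128_CBC_SHA: "TLS_RSA_WITH_AES_128_CBC_SHA",
    ECDHE_RSA_RC4_128_SHA: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    ECDHE_RSA_AES_128_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    ECDHE_RSA_AES_128_GCM_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

RC4_SUITES = {RSA_RC4_128_SHA, ECDHE_RSA_RC4_128_SHA}
TLS12_ONLY = {ECDHE_RSA_AES_128_GCM_SHA256}   # AEAD suites exist only in TLS 1.2

# Server preference, strongest first. RC4 sits at the bottom as the kind of
# "keep it for old clients" entry the thread argues against; with
# prohibit_rc4=True it is never reached.
SERVER_PREFERENCE = [
    ECDHE_RSA_AES_128_GCM_SHA256,
    ECDHE_RSA_AES_128_CBC_SHA,
    RSA_AES_128_CBC_SHA,
    RSA_3DES_EDE_CBC_SHA,
    RSA_RC4_128_SHA,
]

class HandshakeAlert(Exception):
    """Fatal alert the server would send instead of a ServerHello."""
    def __init__(self, description):
        super().__init__(description)
        self.description = description

def select(server_max, client_max, client_suites, prohibit_rc4=True):
    """Return (version, suite) for a ServerHello, or raise HandshakeAlert."""
    # RFC 7507: a client retrying with a lowered version advertises
    # TLS_FALLBACK_SCSV. If this server speaks something newer than the client
    # is now offering, the retry is a downgrade (or an attack) and is refused.
    if TLS_FALLBACK_SCSV in client_suites and client_max < server_max:
        raise HandshakeAlert("inappropriate_fallback")   # alert 86
    version = min(server_max, client_max)
    for suite in SERVER_PREFERENCE:
        if suite not in client_suites:
            continue
        if prohibit_rc4 and suite in RC4_SUITES:
            continue   # draft-ietf-tls-prohibiting-rc4: never, on any version
        if suite in TLS12_ONLY and version < TLS12:
            continue
        return version, suite
    # Nothing acceptable left: fail rather than fall back to a weak cipher.
    raise HandshakeAlert("handshake_failure")   # alert 40

def outcome(server_max, client_max, client_suites, prohibit_rc4=True):
    """select() with the alert folded into the return value, for easy checking."""
    try:
        version, suite = select(server_max, client_max, client_suites, prohibit_rc4)
        return ("negotiated", version, suite)
    except HandshakeAlert as alert:
        return ("alert", alert.description)

def describe(result):
    if result[0] == "alert":
        return f"fatal alert {result[1]}"
    _, version, suite = result
    return f"TLS 1.{(version & 0xFF) - 1} with {SUITE_NAMES[suite]}"

def main():
    # Constructed ClientHellos: (label, server_max, client_max, offered suites).
    scenarios = [
        ("TLS 1.2 client", TLS12, TLS12,
         [ECDHE_RSA_AES_128_GCM_SHA256, ECDHE_RSA_AES_128_CBC_SHA, RSA_RC4_128_SHA]),
        ("TLS 1.0 client that still offers AES-CBC", TLS12, TLS10,
         [RSA_RC4_128_SHA, RSA_AES_128_CBC_SHA, RSA_3DES_EDE_CBC_SHA]),
        ("TLS 1.0 client offering only RC4", TLS12, TLS10,
         [RSA_RC4_128_SHA, ECDHE_RSA_RC4_128_SHA]),
        ("fallback retry at TLS 1.0 against a TLS 1.2 server", TLS12, TLS10,
         [RSA_AES_128_CBC_SHA, TLS_FALLBACK_SCSV]),
        ("fallback retry against a server that only speaks TLS 1.0", TLS10, TLS10,
         [RSA_AES_128_CBC_SHA, TLS_FALLBACK_SCSV]),
    ]
    for label, smax, cmax, suites in scenarios:
        print(f"{label}:")
        print(f"  RC4 prohibited:       {describe(outcome(smax, cmax, suites))}")
        print(f"  legacy (RC4 allowed): {describe(outcome(smax, cmax, suites, False))}")

if __name__ == "__main__":
    main()
```

The second scenario is the point of the reply: a TLS 1.0 client that offers RC4 first still gets AES-CBC, because the server's preference order, not the client's, decides. The third scenario is the cost of prohibiting RC4: a client that offers nothing else gets a handshake_failure, which is the outcome the draft asks operators to accept rather than keep RC4 alive for such clients. The last two show the SCSV doing its job only when the server could have done better; a server that genuinely tops out at TLS 1.0 accepts the retry.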