[TLS] ban more old crap (was: A la carte concerns from IETF 93)

Dave Garrett <davemgarrett@gmail.com> Thu, 23 July 2015 15:43 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: Hubert Kario <hkario@redhat.com>
Date: Thu, 23 Jul 2015 11:43:45 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <201507221610.27729.davemgarrett@gmail.com> <1724827.ajpDBsKllU@pintsize.usersys.redhat.com>
In-Reply-To: <1724827.ajpDBsKllU@pintsize.usersys.redhat.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201507231143.46288.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/RisOEaLi3DfyXJtxUCjuV6SHtxU>
Cc: tls@ietf.org
Subject: [TLS] ban more old crap (was: A la carte concerns from IETF 93)

On Thursday, July 23, 2015 07:09:49 am Hubert Kario wrote:
> vast swaths of web servers are misconfigured; introducing a more complex 
> mechanism to server configuration when the existing situation is 
> incomprehensible to many administrators won't help (and even many people that 
> write the various blog posts about "how to configure SSL [sic] in httpd" 
> clearly haven't read openssl ciphers(1) man page)

We should just get more serious about banning old crap entirely to make dangerous misconfiguration impossible for TLS 1.3+ implementations.

Right now, the restrictions section prohibits:
RC4, SSL2/3, & EXPORT/NULL entirely (via min bits)
and has "SHOULD" use TLS 1.3+ compatible with TLS 1.2, if available

How about we stop being fuzzy? I'd like to make it "MUST" use AEAD with all TLS 1.2+ connections, or abort with a fatal error. Plus, "MUST" use DHE or ECDHE for ALL connections, even back to TLS 1.0, or abort with a fatal error. (the wrench in this is plain PSK, which should be restricted to resumption within a short window; IoT people who want to use intentionally weak security can write their own known weak spec)

By the way, even IE6 on XP supports DHE. Windows XP, however, appears to be badly configured to only allow it with DSS, because missing combos from the cipher suite nonsense happen. If we actually have to care about IE on XP, we could state an exception that the only non-PFS cipher suite to be permitted on servers for backwards compatibility is TLS_RSA_WITH_3DES_EDE_CBC_SHA.

Also add a requirement that all config provided by the admin must be validated to meet the TLS 1.3 requirements and auto-corrected if not, with a warning if there's an issue.

This doesn't have to be a mess for admins to sort out.
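The "validate the admin's config and auto-correct it with a warning" idea from the message above, as an added illustration (this is editor-supplied code, not code from the thread or from any TLS implementation). It takes an IANA-style cipher-suite list, applies the proposed rules (forward secrecy via (EC)DHE on every version, AEAD on TLS 1.2+, RC4/NULL/EXPORT/single-DES banned outright, plain PSK rejected, the single TLS_RSA_WITH_3DES_EDE_CBC_SHA exception for IE on XP behind an explicit flag) and returns what survives plus one warning per correction. The fallback lists, the `WEAK_TOKENS` set and the sample admin configuration are assumptions constructed for the example.

```python
"""Validate an admin-supplied TLS cipher-suite list against the policy proposed
above (forward secrecy on every version, AEAD on TLS 1.2+), dropping offending
suites and recording a warning for each instead of letting a misconfiguration
through. Added illustration, not code from the thread."""
import re
from typing import Dict, List, Tuple

# Hypothetical fallbacks applied when auto-correction leaves nothing usable.
SAFE_DEFAULT_TLS12 = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
]
SAFE_DEFAULT_PRE12 = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
# The one non-PFS suite the message would tolerate for IE on Windows XP.
LEGACY_XP_SUITE = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
# Name tokens that mark a suite as banned outright (RC4, NULL, EXPORT, single DES).
WEAK_TOKENS = frozenset({"NULL", "EXPORT", "EXPORT1024", "RC4", "DES", "DES40"})
AEAD_TOKENS = frozenset({"GCM", "CCM", "POLY1305"})
_NAME_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<rest>.+)$")


def classify(suite: str) -> Dict[str, bool]:
    """Derive the security-relevant properties of an IANA cipher-suite name."""
    m = _NAME_RE.match(suite)
    if not m:
        raise ValueError(f"not an IANA TLS cipher-suite name: {suite!r}")
    tokens = set(suite.split("_"))
    kx = m.group("kx")
    return {
        "forward_secret": kx.split("_")[0] in ("ECDHE", "DHE"),  # ephemeral (EC)DH
        "aead": bool(tokens & AEAD_TOKENS),
        "anon": "anon" in tokens,        # unauthenticated DH, never acceptable
        "weak": bool(tokens & WEAK_TOKENS),
        "plain_psk": kx == "PSK",        # PSK with no (EC)DHE: no forward secrecy
    }


def validate(suites: List[str], version: str = "1.2",
             allow_legacy_xp: bool = False) -> Tuple[List[str], List[str]]:
    """Return (accepted, warnings) for `suites` when used on TLS `version`."""
    ver = tuple(int(x) for x in version.split("."))
    accepted: List[str] = []
    warnings: List[str] = []
    for s in suites:
        c = classify(s)
        reason = None
        if c["weak"] or c["anon"]:
            reason = "banned cipher or unauthenticated key exchange"
        elif s == LEGACY_XP_SUITE and allow_legacy_xp:
            warnings.append(f"{s}: kept only as the IE/XP compatibility exception (no forward secrecy)")
            accepted.append(s)
            continue
        elif c["plain_psk"]:
            reason = "plain PSK lacks forward secrecy; restrict it to session resumption"
        elif not c["forward_secret"]:
            reason = "no (EC)DHE key exchange; forward secrecy is required on every version"
        elif ver >= (1, 2) and not c["aead"]:
            reason = "non-AEAD suite is not allowed on TLS 1.2+"
        elif ver < (1, 2) and c["aead"]:
            reason = "AEAD suites are defined for TLS 1.2 only; unusable on this version"
        if reason is None:
            accepted.append(s)
        else:
            warnings.append(f"{s}: dropped ({reason})")
    if not accepted:
        warnings.append("no usable suite left after validation; falling back to the safe default")
        accepted = list(SAFE_DEFAULT_TLS12 if ver >= (1, 2) else SAFE_DEFAULT_PRE12)
    return accepted, warnings


# Constructed example of a typical messy admin list (not taken from the thread).
ADMIN_CONFIG = [
    "TLS_RSA_WITH_RC4_128_SHA",                   # RC4: banned outright
    "TLS_RSA_WITH_AES_128_CBC_SHA",               # no forward secrecy
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",         # forward secret but not AEAD
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",      # acceptable on TLS 1.2
    "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # acceptable on TLS 1.2
    "TLS_PSK_WITH_AES_128_GCM_SHA256",            # plain PSK
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",        # anonymous DH
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",              # only via the XP exception
]

if __name__ == "__main__":
    for version in ("1.0", "1.2"):
        ok, warns = validate(ADMIN_CONFIG, version, allow_legacy_xp=True)
        for w in warns:
            print(f"[TLS {version}] warning: {w}")
        print(f"[TLS {version}] accepted: {ok}")
```

The same input yields different survivors per protocol version: on TLS 1.2 only the GCM and ChaCha20-Poly1305 (EC)DHE suites remain (plus 3DES-RSA when the XP flag is set), while on TLS 1.0 the ECDHE CBC suite is the only one left, because AEAD suites cannot be negotiated below 1.2. An empty result falls back to a default rather than to "anything goes", which is the point of validating at load time instead of trusting the admin's list.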