Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Hanno Böck <hanno@hboeck.de> Thu, 02 October 2014 08:26 UTC

Return-Path: <hanno@hboeck.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6091E1A0173 for <tls@ietfa.amsl.com>; Thu, 2 Oct 2014 01:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Level:
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dLDeHmU2L-pH for <tls@ietfa.amsl.com>; Thu, 2 Oct 2014 01:26:04 -0700 (PDT)
Received: from zucker.schokokeks.org (zucker.schokokeks.org [178.63.68.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DF701A0151 for <tls@ietf.org>; Thu, 2 Oct 2014 01:26:03 -0700 (PDT)
Received: from localhost ([::ffff:91.64.1.128]) (AUTH: LOGIN hanno-default@schokokeks.org, TLS: TLSv1/SSLv3, 128bits, ECDHE-RSA-AES128-GCM-SHA256) by zucker.schokokeks.org with ESMTPSA; Thu, 02 Oct 2014 10:26:02 +0200 id 0000000000000024.00000000542D0C1A.000009F5
Date: Thu, 2 Oct 2014 10:26:02 +0200
From: Hanno =?ISO-8859-1?B?QvZjaw==?= <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20141002102602.3651570f@hboeck.de>
In-Reply-To: <20141001231254.5238.71176.idtracker@ietfa.amsl.com>
References: <20141001231254.5238.71176.idtracker@ietfa.amsl.com>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.24; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="=_zucker.schokokeks.org-2549-1412238362-0001-2"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/SQmqqmXRAJzTNN9TTSWnVFLHHgA
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Oct 2014 08:26:06 -0000

Am Wed, 01 Oct 2014 16:12:54 -0700
schrieb internet-drafts@ietf.org:

>    This document requires that Transport Layer Security (TLS) clients
>    and servers never negotiate the use of RC4 cipher suites when they
>    establish connections.  This applies to all TLS versions, and
> updates [RFC5246], [RFC4346], and [RFC2246].

I really don't want to hold anything here and would welcome if this
gets finally out, however there's one thing that bothers me:
There is currently no such RFC for RC2 or DES. Both are - considering
current RFCs - perfectly valid ciphers according to RFC 2246.

It doesn't really make sense to forbid RC4 (likely weak, but no
public practical attacks yet) while still allowing RC2(40 bit)/DES
(practically broken).

Should we change this to "forbid RC2, DES and RC4" ?

(there's of course also the potential discussion if further ciphers
should be deprecated that are likely weak but not broken - things like
DSS - but I'd keep that discussion separate for now)

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42