Re: [TLS] Prohibiting RC4 Cipher Suites

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 22 August 2013 22:31 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, "tls@ietf.org" <tls@ietf.org>
Date: Thu, 22 Aug 2013 22:15:57 +0000
Message-ID: <fb0eb3697e7f41839d545f2b066e4ba0@BL2PR03MB194.namprd03.prod.outlook.com>
References: <2a98812c79804000ad1e74557a10125a@BL2PR03MB194.namprd03.prod.outlook.com> <CE3A7A2A.9736%kenny.paterson@rhul.ac.uk>
In-Reply-To: <CE3A7A2A.9736%kenny.paterson@rhul.ac.uk>

Hi Kenny,

Thanks for your comments; I will update the attack description and the link in the next revision of the draft.

Cheers,

Andrei

-----Original Message-----
From: Paterson, Kenny [mailto:Kenny.Paterson@rhul.ac.uk] 
Sent: Wednesday, August 21, 2013 2:13 PM
To: Andrei Popov; tls@ietf.org
Subject: Re: [TLS] Prohibiting RC4 Cipher Suites

Andrei,

Your intro says:

"Recent cryptanalysis results [ALF] exploit biases in the RC4 keystream to recover early portions of plaintexts."


The attacks can recover repeated plaintext from ANYWHERE in the plaintext stream, so they are more flexible in application than your text suggests.

Another (better?) link for the attacks by AlFardan et al. is www.isg.rhul.ac.uk/tls. The "official" USENIX link, which should be long-lasting, is:

https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls


Best wishes

Kenny

On 21/08/2013 13:59, "Andrei Popov" <Andrei.Popov@microsoft.com> wrote:

>Hello All,
> 
>RC4 is a widely deployed cipher, which is commonly preferred by TLS
>servers: our tests show ~40% of the high-traffic HTTPS sites pick RC4
>if IE offers this cipher. A significant percentage of web sites and
>e-mail servers have only RC4 enabled, so a client cannot altogether
>disable RC4 without breaking interoperability. At the same time,
>attacks on RC4 are improving (e.g.
>http://www.isg.rhul.ac.uk/tls/), to the point that practical exploits
>are possible.
> 
>I have posted a new Internet-Draft "Prohibiting RC4 Cipher Suites"
>(draft-popov-tls-prohibiting-rc4-00
><http://datatracker.ietf.org/doc/draft-popov-tls-prohibiting-rc4/>) to
>deprecate the use of RC4 cipher suites in TLS.
> 
>Looking forward to comments and feedback on the draft,
> 
>Andrei Popov
>
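The check a defender would want alongside a prohibition like the one in the draft: scan captured ClientHello/ServerHello records and report which clients still offer, and which servers still select, an RC4 suite (the "servers pick RC4" measurement from the original post). This is an added example written for this archive page, not code from the draft, the thread or any IETF tool; the suite values are the IANA TLS Cipher Suite Registry values, and the sample hello records are constructed inline by `build_hello`, a helper invented here.

```python
import struct

# RC4 cipher suites by IANA TLS Cipher Suite Registry value (the common ones;
# the Kerberos RC4 suites are omitted for brevity).
RC4_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5", 0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5", 0x008A: "TLS_PSK_WITH_RC4_128_SHA",
    0x008E: "TLS_DHE_PSK_WITH_RC4_128_SHA", 0x0092: "TLS_RSA_PSK_WITH_RC4_128_SHA",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC033: "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
}

def build_hello(msg_type, suites):
    """Constructed sample ClientHello (1) / ServerHello (2) record, no extensions; test input only."""
    body = b"\x03\x03" + bytes(32) + b"\x00"         # version, random, empty session_id
    if msg_type == 1:
        cs = struct.pack("!%dH" % len(suites), *suites)
        body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"   # suites, null compression
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"          # chosen suite, compression
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

def hello_cipher_suites(record):
    """(handshake type, cipher suite ids) from one TLS record holding a ClientHello or ServerHello."""
    if len(record) < 9 or record[0] != 0x16: raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4: raise ValueError("truncated handshake record")
    msg_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35: raise ValueError("truncated hello")
    pos = 35 + body[34]                               # skip version, random, session_id
    if pos + 2 > len(body): raise ValueError("truncated hello")
    if msg_type == 2:                                 # ServerHello: the single selected suite
        return msg_type, [struct.unpack("!H", body[pos:pos + 2])[0]]
    if msg_type == 1:                                 # ClientHello: the offered vector
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        cs = body[pos + 2:pos + 2 + cs_len]
        if len(cs) != cs_len or cs_len % 2: raise ValueError("bad cipher_suites vector")
        return msg_type, list(struct.unpack("!%dH" % (cs_len // 2), cs))
    raise ValueError("not a ClientHello or ServerHello")

def rc4_violations(record):
    """Names of RC4 suites offered (ClientHello) or selected (ServerHello); [] means compliant."""
    _, suites = hello_cipher_suites(record)
    return [RC4_SUITES[s] for s in suites if s in RC4_SUITES]
```

A ServerHello that yields a non-empty list is a server that would still pick RC4 against a client offering it; a ClientHello that yields one is a client still offering it.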