Re: [TLS] NULL cipher to become a MUST NOT in UTA BCP

Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 05 September 2014 13:49 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DEDF1A06C6 for <tls@ietfa.amsl.com>; Fri, 5 Sep 2014 06:49:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cZaAVzCjq94S for <tls@ietfa.amsl.com>; Fri, 5 Sep 2014 06:49:51 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC4E91A06BF for <tls@ietf.org>; Fri, 5 Sep 2014 06:49:50 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id E59132AB2CF; Fri, 5 Sep 2014 13:49:48 +0000 (UTC)
Date: Fri, 05 Sep 2014 13:49:48 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20140905134948.GK26920@mournblade.imrryr.org>
References: <r422Ps-1075i-64A8CB473A3A4501BBB2C3138C71A13E@Williams-MacBook-Pro.local> <5409B592.7070801@fifthhorseman.net> <CADMpkcKa-A-qGYLnZpFVtFcXVnbBkkBAu0V8zcfk+M03Mm1_AQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADMpkcKa-A-qGYLnZpFVtFcXVnbBkkBAu0V8zcfk+M03Mm1_AQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Umid-x2igTjCBadAIZMU7D7ysLQ
Subject: Re: [TLS] NULL cipher to become a MUST NOT in UTA BCP
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Sep 2014 13:49:52 -0000

On Fri, Sep 05, 2014 at 03:30:55PM +0200, Bodo Moeller wrote:

> If NULL encryption cipher suites can't be enabled together with non-NULL
> encryption cipher suites, you'd break any server that attempts to allow
> NULL encryption for clients that decide they don't need encryption (e.g.,
> because they're connecting to localhost) while supporting non-NULL ciphers
> for clients that don't offer NULL encryption for whatever reason (e.g.,
> because the implementor just doesn't like NULL encryption, which I think is
> a position worthy of support).  Same for clients.  I'd rather prefer for
> the BCP to avoid this quagmire entirely.

This is why my suggestion was specifically about the initiator
(client):

    What is much more reasonable is that initiators (clients) should
    refuse to negotiate (should suppress any configured) NULL cipher
    suites when any non NULL cipher suite is enabled.  This prevents
    accidents, without breaking carefully considered NULL to NULL
    deployments.

It leaves room for dual-purpose servers.

-- 
	Viktor.