IETF Logo Mail Archive

Re: [TLS] RC4 depreciation path (Re: Deprecating more (DSA?))

Yoav Nir <ynir.ietf@gmail.com> Sat, 19 April 2014 20:41 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C62C1A00D5 for <tls@ietfa.amsl.com>; Sat, 19 Apr 2014 13:41:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.071
X-Spam-Level:
X-Spam-Status: No, score=0.071 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, URI_NO_WWW_INFO_CGI=2.071] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mL-WjI2mJCrL for <tls@ietfa.amsl.com>; Sat, 19 Apr 2014 13:40:58 -0700 (PDT)
Received: from mail-ee0-x22a.google.com (mail-ee0-x22a.google.com [IPv6:2a00:1450:4013:c00::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 1C89F1A00CF for <tls@ietf.org>; Sat, 19 Apr 2014 13:40:57 -0700 (PDT)
Received: by mail-ee0-f42.google.com with SMTP id d17so2599231eek.15 for <tls@ietf.org>; Sat, 19 Apr 2014 13:40:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=VpwkRGNPCnl+oDKQQkzuQj2F7fQ/3txld8Xp+kUZTW8=; b=rCR+IlcmZwr0B16gND+oiMnRAhPmr8zNRoMMMXJwkPoZ1eJY1v7+8ztqD4EIqvYqv+ Z3En6b9opTBaBJvuLLZlslpqR2s6wqHLtWPWZqoIl8OMKtSjbiFW8eM6Fu4+oeHgyQwH DImum6HpM4nEoL+pkgKtlfI/yY9R4y5/x0KQpV/b6g0GX8HemTTPrbBnXbeedf/Iv5AB 5UtRpZFzpJkAAmMSWbzkIqC+5aVNCKmZGNbb+kSAN2yTkeVVuCMmyWtZ8Pg8m7edoxF1 qmOIqqgNYP8VSwN5NUHXvBMSFVNIAgBvgiNMHb42IRc+x5aXtr8cwPbCPnZ9Fde31Cjm 0IQA==
X-Received: by 10.15.22.201 with SMTP id f49mr33201878eeu.18.1397940053161; Sat, 19 Apr 2014 13:40:53 -0700 (PDT)
Received: from [192.168.1.102] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id o7sm88549057eew.25.2014.04.19.13.40.45 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 19 Apr 2014 13:40:52 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20140419195434.GA21513@roeckx.be>
Date: Sat, 19 Apr 2014 23:40:30 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <812BA37F-C06F-4316-8747-B7C11F8847D5@gmail.com>
References: <CACsn0cnZFScA1WnitpHH--6_Kd0spfLQvmvniyCSnUmvr8xVhg@mail.gmail.com> <20140419131019.GA29561@roeckx.be> <AFC6B628-8D22-4B06-B2B8-7B047515FFB3@gmail.com> <20140419195434.GA21513@roeckx.be>
To: Kurt Roeckx <kurt@roeckx.be>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Vixz6HWUgchS1vlrS1BYCKwGxoU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RC4 depreciation path (Re: Deprecating more (DSA?))
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Apr 2014 20:41:02 -0000

On Apr 19, 2014, at 10:54 PM, Kurt Roeckx <kurt@roeckx.be> wrote:
> 
> For stats about servers, see:
> https://www.trustworthyinternet.org/ssl-pulse/
> https://jve.linuxwall.info/blog/index.php?post/TLS_Survey

Oh. Doing ephemeral diffie-hellman just to then use the results to encrypt with DES.  And over a quarter of the servers do this. I have to wonder how many of the (at least) 379 servers that support NULL ciphers actually meant it. Or of the 14% who support RC2.

v2.23.0 | Report a Bug | By Email