MIME-Version: 1.0
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4D04810@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4CF009C@uxcn10-5.UoA.auckland.ac.nz>
 <20160816145548.GQ4670@mournblade.imrryr.org>
 <9A043F3CF02CD34C8E74AC1594475C73F4CF1AC9@uxcn10-5.UoA.auckland.ac.nz>
 <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
 <9A043F3CF02CD34C8E74AC1594475C73F4CF416C@uxcn10-5.UoA.auckland.ac.nz>
 <m260qwppxa.fsf@localhost.localdomain>
 <CAF8qwaB-p1X6vcKZ7=GfPe_hWxOB+g4T2mKaugpbYAKNJngJ7g@mail.gmail.com>
 <9A043F3CF02CD34C8E74AC1594475C73F4D04810@uxcn10-5.UoA.auckland.ac.nz>
From: Ryan Hamilton <rch@google.com>
Date: Sat, 27 Aug 2016 07:28:31 -0700
Message-ID: <CAJ_4DfRzXbEK2m0B3KF=8svGSz_Dc8fiPgYacv2Z6hzmOEgKQg@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: multipart/alternative; boundary=001a1145a97c0caeb6053b0e7294
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WY89yyRAu1nXXU0MLN6geCvlWM8>
Cc: Geoffrey Keating <geoffk@geoffk.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman
 Ephemeral Parameters for Transport Layer Security (TLS)
Precedence: list

--001a1145a97c0caeb6053b0e7294
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 27, 2016 at 6:27 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> David Benjamin <davidben@chromium.org> writes:
>
> >TLS 1.3 will resolve this with the new cipher suite negotiation, but I
> agree
> >this makes the specification basically undeployable with TLS 1.2. This
> issue
> >also got brought up here:
> >https://www.ietf.org/mail-archive/web/tls/current/msg18697.html
>
> Hmm, good point.  So reading between the lines of the various comments on
> this
> issue, the feeling seems to be "ignore this RFC".  That more or less
> answers
> my question, I'll leave it out of TLS-LTS apart from mentioning it as
> another
> source of DH groups.
>
> >Barring unforeseen problems, Chrome will also lose DH in the next releas=
e.
>
> Which will be yet another headache for people working with SCADA devices,
> who
> are seeing themselves locked out more and more from being able to admin
> their
> systems when browser vendors arbitrarily decide to deprecate
> long-established
> mechanisms.  I know of operators who are running IE 6 in XP VMs because
> that's
> the only thing that'll still talk to some devices they use (OK, old
> versions
> of FF and Chrome will do it too if you can find them, but then they alway=
s
> want to update themselves to less old versions that stop working again).
>
> Couldn't Chrome include an optional legacy mode that just works with
> existing
> systems, perhaps triggered by access to a device at an RFC 1918 address?
>

=E2=80=8BAlternatively, someone could write a "Legacy TLS" to "Current TLS"=
 proxy,
which could run on the client's computer to sit in front of these legacy
devices. This would allow browsers to continue adding new security features
to protect users, while still allowing access to legacy systems.=E2=80=8B


> There really is, in some cases, nothing available any more that will talk
> to
> entire families of SCADA devices because browsers assume the only thing
> that
> matters is the public WWW and won't accommodate anything that isn't.
>
> (At some point someone's going to figure out they can make a lot of money
> by
> taking Firefox 3.0, rebranding it, and selling it as an embedded device
> management solution, because it'll talk to all the things that current
> browsers won't any more).
>
> Peter.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

--001a1145a97c0caeb6053b0e7294
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:trebuche=
t ms,sans-serif"><br></div><div class=3D"gmail_extra"><br><div class=3D"gma=
il_quote">On Sat, Aug 27, 2016 at 6:27 AM, Peter Gutmann <span dir=3D"ltr">=
&lt;<a href=3D"mailto:pgut001@cs.auckland.ac.nz" target=3D"_blank" class=3D=
"cremed">pgut001@cs.auckland.ac.nz</a>&gt;</span> wrote:<br><blockquote cla=
ss=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pa=
dding-left:1ex"><span class=3D"">David Benjamin &lt;<a href=3D"mailto:david=
ben@chromium.org" class=3D"cremed">davidben@chromium.org</a>&gt; writes:<br=
>
<br>
&gt;TLS 1.3 will resolve this with the new cipher suite negotiation, but I =
agree<br>
&gt;this makes the specification basically undeployable with TLS 1.2. This =
issue<br>
&gt;also got brought up here:<br>
&gt;<a href=3D"https://www.ietf.org/mail-archive/web/tls/current/msg18697.h=
tml" rel=3D"noreferrer" target=3D"_blank" class=3D"cremed">https://www.ietf=
.org/mail-<wbr>archive/web/tls/current/<wbr>msg18697.html</a><br>
<br>
</span>Hmm, good point.=C2=A0 So reading between the lines of the various c=
omments on this<br>
issue, the feeling seems to be &quot;ignore this RFC&quot;.=C2=A0 That more=
 or less answers<br>
my question, I&#39;ll leave it out of TLS-LTS apart from mentioning it as a=
nother<br>
source of DH groups.<br>
<span class=3D""><br>
&gt;Barring unforeseen problems, Chrome will also lose DH in the next relea=
se.<br>
<br>
</span>Which will be yet another headache for people working with SCADA dev=
ices, who<br>
are seeing themselves locked out more and more from being able to admin the=
ir<br>
systems when browser vendors arbitrarily decide to deprecate long-establish=
ed<br>
mechanisms.=C2=A0 I know of operators who are running IE 6 in XP VMs becaus=
e that&#39;s<br>
the only thing that&#39;ll still talk to some devices they use (OK, old ver=
sions<br>
of FF and Chrome will do it too if you can find them, but then they always<=
br>
want to update themselves to less old versions that stop working again).<br=
>
<br>
Couldn&#39;t Chrome include an optional legacy mode that just works with ex=
isting<br>
systems, perhaps triggered by access to a device at an RFC 1918 address?<br=
></blockquote><div><br></div><div><div class=3D"gmail_default" style=3D"fon=
t-family:&quot;trebuchet ms&quot;,sans-serif">=E2=80=8BAlternatively, someo=
ne could write a &quot;Legacy TLS&quot; to &quot;Current TLS&quot; proxy, w=
hich could run on the client&#39;s computer to sit in front of these legacy=
 devices. This would allow browsers to continue adding new security feature=
s to protect users, while still allowing access to legacy systems.=E2=80=8B=
</div></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"mar=
gin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
There really is, in some cases, nothing available any more that will talk t=
o<br>
entire families of SCADA devices because browsers assume the only thing tha=
t<br>
matters is the public WWW and won&#39;t accommodate anything that isn&#39;t=
.<br>
<br>
(At some point someone&#39;s going to figure out they can make a lot of mon=
ey by<br>
taking Firefox 3.0, rebranding it, and selling it as an embedded device<br>
management solution, because it&#39;ll talk to all the things that current<=
br>
browsers won&#39;t any more).<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
Peter.<br>
</font></span><div class=3D"HOEnZb"><div class=3D"h5">_____________________=
_________<wbr>_________________<br>
TLS mailing list<br>
<a href=3D"mailto:TLS@ietf.org" class=3D"cremed">TLS@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/tls" rel=3D"noreferrer" ta=
rget=3D"_blank" class=3D"cremed">https://www.ietf.org/mailman/<wbr>listinfo=
/tls</a><br>
</div></div></blockquote></div><br></div></div>

--001a1145a97c0caeb6053b0e7294--