Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 13 March 2014 23:01 UTC
Alyssa Rowan <akr@akr.io> writes:

>Can we perhaps make that a SHOULD NOT (or even a MUST NOT), if it somehow
>isn't already? It's way too common in the wild, and it really is next to
>useless practice from the same kind of wilful carelessness that brought the
>world so many default/engineering/field service passwords/backdoors.

I doubt it'll make any difference, those who would read and follow the RFC on
this point won't be using insecure certs/keys anyway, and those who are using
them will ignore (or not even read to that point) the RFC. I've heard this
sort of thing referred to in the past as "workgroup posturing", and that's
unfortunately what it'll be...

Peter.