Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt
Alyssa Rowan <akr@akr.io> Thu, 02 October 2014 08:01 UTC
In-Reply-To: <20141002005804.2760C1AE9D@ld9781.wdf.sap.corp>
References: <20141002005804.2760C1AE9D@ld9781.wdf.sap.corp>
From: Alyssa Rowan <akr@akr.io>
Date: Thu, 02 Oct 2014 09:01:29 +0100
To: tls@ietf.org
Message-ID: <BA2DFF33-7B0C-4E87-9C0E-215933AED88F@akr.io>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Za8v4MqRrOZP4OObq1uRNIolADY
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

On 2 October 2014 01:58:04 BST, mrex@sap.com wrote:

>PS: I still object to the MUST fail requirement to the server.

Objection from you and Rich noted, but I really do not agree.

This draft absolutely must not be watered down. We should treat weak crypters as broadly equivalent to NULL. That is what this does.

I think fallback to RC4 is an insecure practice that we must not continue to condone. We have several strong ciphers, some with better performance, and we've known that RC4 was a tad wobbly for years: quite frankly the time for compatibility fallbacks and gentle transitions was 5 years ago or something and is now quite firmly passed.

At this point, RC4 is a shambling undead zombie of an old 1980s 8086 crypter. Kill it with fire; stake it in the heart; bury it at a crossroads and dance on its gravestone.

And I think that we have reached WG consensus on that point broadly, despite your objections: as there is widespread recognition I think that if we do continue to sanction RC4's use for any reason, that will be the reason we'll never get rid of the damned thing (because people like you and Rich will keep accepting it when presented, to keep your clients with XP and prehistoric Android happy, but that unfortunately also makes Eve happy).

Anyone is entirely free to ignore confidentiality if they don't judge it's important in their scenario - but that doesn't mean it's a good idea for the internet at large, or that they weren't warned about the risk and chose to use it anyway.

>The list of cipher suites in that document should better include the cipher suite code points!

I do agree with this point, it would make it a little clearer and more unambiguous.

Subject to perhaps adding the ciphersuite codepoints, +1 for this draft.

--
/akr