Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 06 October 2014 17:13 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: James Cloos <cloos@jhcloos.com>, Watson Ladd <watsonbladd@gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Date: Mon, 06 Oct 2014 17:13:42 +0000
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/cQxe_G-wK4BngHJ3J9lb2jYKmRw

> To be clear, I wasn't arguing against retiring rc4, just noting that sites exist which are unlikely to do so in the short to medium term.
Absolutely, but I think most new RFCs take a while to be implemented and deployed. RC4 is not going to become any more secure in the short, medium, or long term, so I believe prohibiting-RC4 will remain relevant for as long as TLS versions <1.3 are in use.

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of James Cloos
Sent: Monday, October 6, 2014 6:31 AM
To: Watson Ladd
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

>>>>> "WL" == Watson Ladd <watsonbladd@gmail.com> writes:

>> So the problem isn't just updating typical web servers, but also
>> dealing with what are likely low-spec closed-source fronts.  It may
>> be impossible for some of the rc4-only sites to fix that w/o
>> replacing (probably over-priced) hardware.

WL> Then that's what they are going to have to do at some point. SHOULD 
WL> pushes that point off with no reason.

To be clear, I wasn't arguing against retiring rc4, just noting that sites exist which are unlikely to do so in the short to medium term.

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
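The thread is about the draft's rule that a TLS server must never negotiate RC4, and about how many deployed clients still depend on it. The following is an added illustration, not code from the thread or from any TLS library: a server-side cipher-suite selection routine that ignores RC4 suites entirely, fails the handshake when a client offers nothing else, and reports which RC4 suites were offered so an operator can measure how much legacy traffic the prohibition will affect. The cipher suite code points are the IANA-registered values; the sample ClientHello cipher_suites fields, the function names and the server preference list are constructed for this example.

```python
"""Server-side cipher-suite selection that refuses RC4, modelled on the rule in
draft-ietf-tls-prohibiting-rc4 (a server must not select an RC4 suite and must
fail the handshake if the client offers only RC4). Example code, not taken from
the thread or from any TLS implementation."""
import struct

# RC4 cipher suite code points from the IANA TLS Cipher Suite registry
# (the commonly deployed ones; a real implementation would load the full list).
RC4_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0x008A: "TLS_PSK_WITH_RC4_128_SHA",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA",
}


def parse_cipher_suites(field):
    """Parse a ClientHello cipher_suites vector: a 2-byte length followed by
    2-byte suite code points (RFC 5246, section 7.4.1.2)."""
    if len(field) < 2:
        raise ValueError("truncated cipher_suites length")
    (length,) = struct.unpack("!H", field[:2])
    body = field[2:2 + length]
    if length % 2 or len(body) != length:
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, length, 2)]


def select_cipher_suite(client_suites, server_preference):
    """Return the first server-preferred suite the client also offers, treating
    RC4 suites as if they were never offered or configured. Returns None when no
    non-RC4 suite is shared; the caller then sends a handshake_failure alert."""
    offered = [s for s in client_suites if s not in RC4_SUITES]
    for suite in server_preference:
        if suite in RC4_SUITES:
            continue  # never select RC4, even if an operator left it configured
        if suite in offered:
            return suite
    return None


def rc4_offered(client_suites):
    """Names of the RC4 suites in an offer, for logging or metrics, so operators
    can see which clients still depend on RC4 before the prohibition bites."""
    return [RC4_SUITES[s] for s in client_suites if s in RC4_SUITES]


# Constructed sample cipher_suites fields (not captured traffic).
MODERN_CLIENT = bytes.fromhex("0006" "c02f" "c030" "0005")  # two AES-GCM suites plus one RC4
LEGACY_CLIENT = bytes.fromhex("0004" "0005" "0004")         # RC4-only client
SERVER_PREFERENCE = [0xC030, 0xC02F, 0x0005]  # hypothetical config; RC4 listed but never picked

if __name__ == "__main__":
    for label, field in (("modern", MODERN_CLIENT), ("legacy", LEGACY_CLIENT)):
        suites = parse_cipher_suites(field)
        chosen = select_cipher_suite(suites, SERVER_PREFERENCE)
        outcome = hex(chosen) if chosen is not None else "handshake_failure"
        print(label, "offers RC4:", rc4_offered(suites), "selected:", outcome)
```

The "modern" client negotiates AES-GCM even though it also listed RC4; the RC4-only client gets a handshake failure, which is exactly the deployment pain James Cloos describes for sites behind RC4-only front ends. Logging `rc4_offered` before enforcing the rule gives an operator the data to size that population.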