Re: [TLS] ban more old crap (was: A la carte concerns from IETF 93)

Viktor Dukhovni, Thu, 23 July 2015 16:00 UTC

On Thu, Jul 23, 2015 at 11:43:45AM -0400, Dave Garrett wrote:

> Right now, the restrictions section prohibits:
> RC4, SSL2/3, & EXPORT/NULL entirely (via min bits)
> and has "SHOULD" use TLS 1.3+ compatible with TLS 1.2, if available

So much for using NULL ciphers for client-server authentication on
loopback interfaces. :-(

Surely, in at least some cases, making it harder to make mistakes
needs to be addressed in toolkit and application interfaces, not
the protocol.  Removing weak algorithms that serve the same use-cases
poorly is fine, but removing non-traditional use-cases is perhaps
too drastic.

> Plus, "MUST" use DHE or ECDHE for ALL connections, even back to TLS 1.0,
> or abort with a fatal error.

Who's going to police the Internet to remove all the legacy services?

> By the way, even IE6 on XP supports DHE.

But not Exchange server 2003, and various Windows-based email gateway

> If we actually have to care about IE on
> XP, we could state an exception that the only non-PFS cipher suite to be
> permitted on servers for backwards compatibility is

Exchange 2003 has a broken 3DES implementation.  The only working
ciphersuites are RC4-SHA/RC4-MD5.

And there are surely plenty of legacy systems that are neither HTTPS
nor email.  It sure sounds like the radical surgery is largely for
HTTPS, and should be implemented in web servers and clients, not
the TLS protocol.
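As an added example, not part of this thread or of anyone's posted code: the restriction list under discussion (RC4, SSL2/3, EXPORT and NULL suites banned; (EC)DHE required for everything else) expressed as application-level policy rather than protocol rule, in the spirit of the reply above. It classifies OpenSSL-style cipher suite names, carves out NULL (authentication-only) suites on loopback peers only, and lets the operator name an explicit legacy exception for non-forward-secret suites instead of hard-coding one. The `audit_received` helper scans Postfix-style `Received:` headers of the form `using TLSv1.2 with cipher ...` so an admin can see which inbound sessions would fall foul of the policy. The sample header lines, the `.invalid` hostnames and the policy values are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Protocol versions the policy accepts (SSLv2 and SSLv3 are prohibited).
ALLOWED_PROTOCOLS = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")

# OpenSSL suite-name prefixes for ephemeral (forward-secret) key exchange.
# AECDH/ADH are ephemeral but anonymous, i.e. no peer authentication.
FORWARD_SECRET_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "AECDH-", "ADH-")
ANONYMOUS_PREFIXES = ("AECDH-", "ADH-")

# Postfix Received-header fragment, e.g. "(using TLSv1.2 with cipher X (256/256 bits))".
RECEIVED_TLS = re.compile(r"using (?P<proto>\S+) with cipher (?P<suite>\S+)")


@dataclass(frozen=True)
class Verdict:
    suite: str
    allowed: bool
    reason: str


def protocol_allowed(version: str) -> bool:
    """True for TLS 1.0 and later; SSLv2/SSLv3 are rejected outright."""
    return version in ALLOWED_PROTOCOLS


def classify(suite: str, peer_ip: str = "0.0.0.0",
             legacy_exceptions: frozenset = frozenset()) -> Verdict:
    """Apply the proposed restrictions to one OpenSSL-style suite name.

    peer_ip drives the loopback carve-out for NULL suites; legacy_exceptions
    is the operator's (hypothetical) allow-list of non-forward-secret suites.
    """
    name = suite.strip().upper()
    parts = name.split("-")
    if "RC4" in parts:
        return Verdict(suite, False, "RC4 prohibited")
    if name.startswith("EXP"):
        return Verdict(suite, False, "export-grade suite prohibited")
    if "NULL" in parts:
        # Authentication-only suite: acceptable only to a loopback peer.
        if ipaddress.ip_address(peer_ip).is_loopback:
            return Verdict(suite, True,
                           "NULL cipher permitted on loopback (authentication only)")
        return Verdict(suite, False, "NULL cipher prohibited off loopback")
    if not name.startswith(FORWARD_SECRET_PREFIXES):
        if name in {s.upper() for s in legacy_exceptions}:
            return Verdict(suite, True,
                           "non-forward-secret suite permitted by explicit legacy exception")
        return Verdict(suite, False, "key exchange is not (EC)DHE; no forward secrecy")
    if name.startswith(ANONYMOUS_PREFIXES):
        return Verdict(suite, True, "forward secret but anonymous: no peer authentication")
    return Verdict(suite, True, "forward secret and authenticated")


def audit_received(lines, peer_ip: str = "0.0.0.0",
                   legacy_exceptions: frozenset = frozenset()):
    """Return one Verdict per Received header that records a TLS session."""
    results = []
    for line in lines:
        m = RECEIVED_TLS.search(line)
        if not m:
            continue
        proto, suite = m.group("proto"), m.group("suite")
        if not protocol_allowed(proto):
            results.append(Verdict(suite, False, f"{proto} prohibited"))
            continue
        results.append(classify(suite, peer_ip, legacy_exceptions))
    return results


# Constructed sample headers (not real traffic).
SAMPLE_RECEIVED = [
    "Received: from mx.example.invalid (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))",
    "Received: from legacy.example.invalid (using TLSv1 with cipher RC4-SHA (128/128 bits))",
    "Received: from old.example.invalid (using SSLv3 with cipher AES128-SHA (128/128 bits))",
    "Received: from gw.example.invalid (using TLSv1.2 with cipher NULL-SHA (0/0 bits))",
]

if __name__ == "__main__":
    for v in audit_received(SAMPLE_RECEIVED):
        print(f"{'ALLOW' if v.allowed else 'REJECT':6} {v.suite:24} {v.reason}")
```

The loopback test uses the peer address the application already knows, which is exactly the information the protocol layer does not have; the same hook is where a server would decide to offer the one legacy non-PFS suite to an old client and nothing else.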