Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 09 September 2013 20:07 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 280F821F9D31 for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 13:07:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YTyG6mFFMa5i for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 13:07:05 -0700 (PDT)
Received: from mail-wg0-x231.google.com (mail-wg0-x231.google.com [IPv6:2a00:1450:400c:c00::231]) by ietfa.amsl.com (Postfix) with ESMTP id B035C21F9BC1 for <tls@ietf.org>; Mon, 9 Sep 2013 13:06:34 -0700 (PDT)
Received: by mail-wg0-f49.google.com with SMTP id l18so5634315wgh.28 for <tls@ietf.org>; Mon, 09 Sep 2013 13:06:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=jAFiGThvFsGV3RR9kE1b5Dd0GGJxz7PSfakJyBQZ0sY=; b=ibnvFsnU8kd+Z0+vqG9CIBtxUEHT3QjfqI+ByP0z83BkI9pnLlgI8jYIN0bcivxyzy 65cBdeZ++iIw8/GKJeY8OWaEJTpEbeAOLrWI8J748dO7WnNBBifKAjIErNSdYO3U8nmC eV/jzHdztzflppK7jpkZtoXDyYXQskwmWiKyr5WfsyENpk3h7WAN+l9dwj9Y3NxilDn8 QaXyxMzAiRBsijLFptFnC2sNgO9zlx3qaoTky73wq5bchg4OqGs1y305Fiy7nMoAcf+w clXBR7C+nydK+OhvceDxchVv+FL6nIXdHR8MXRfoeHuQPeTYed4VElOe0jPwji+1M5KS bkyw==
X-Received: by 10.180.90.19 with SMTP id bs19mr9772379wib.15.1378757173812; Mon, 09 Sep 2013 13:06:13 -0700 (PDT)
Received: from [10.0.0.8] ([109.65.190.101]) by mx.google.com with ESMTPSA id b13sm20203988wic.9.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 09 Sep 2013 13:06:13 -0700 (PDT)
Message-ID: <522E2A31.7090108@gmail.com>
Date: Mon, 09 Sep 2013 23:06:09 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <20130907224638.32356.96972.idtracker@ietfa.amsl.com> <522C3497.9020301@gmail.com> <522DE4D2.4020403@cs.tcd.ie>
In-Reply-To: <522DE4D2.4020403@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 20:07:09 -0000
Hi Stephen, thanks for your review. Please see comments inline. Yaron On 09/09/2013 06:10 PM, Stephen Farrell wrote: > > Hi Yaron, > > Thanks for doing this. I hope the WG adopt this and > process it quickly. So do I. This document will become way more valuable if the WG adopts it. > > A few comments: > > 1) Given recent news, I think section 2 should describe why > PFS is a good thing and should say a bit about how server > private keys can be exposed (e.g. someone hacks into > server and copies a private key file, or gets keys from > a decommissioned server), and the consequences that flow > if non-PFS ciphersuites are used. Agree. > > 2) I think an appendix or section that shows how to configure > a server to prefer whatever ciphersuite configurations end > up as recommended would be very valuable. I realise that that > would be server specific but it should be easy enough to get > for the most popular server or the two most popular. While > that information is already available on the web, and will > go out of date, its finicky stuff so it'd be good to make > all this easier for a site admin who reads the RFC in > the next couple of years. > I'm not crazy about including Apache directives in an RFC. More importantly, I believe this is more about the client offering the right ciphersuite in a high enough place than about the server, which normally must support any client that comes along. > 3) Similarly, saying how to turn off ciphersuites that you > don't want and which those are might be useful. This is a security vs. inclusiveness tradeoff. Even if we tell people to turn off RC4 on the server, they won't. > > 4) I also think it'd be good to give recommendations for > older versions of TLS (and maybe SSL) that are still > widely deployed, even though TLS 1.2 will have better > options and the overall recommendation is to use a > 1.2 ciphersuite. I wish I knew what to recommend for <1.2. Any ideas? > > 5) I agree with the point raised by Patrick that some > guidance about reasonable key lengths/strengths would > be good where its needed. I'd be ok with that being in > the non-normative bit where you show how to configure > stuff and/or in the security considerations. Agree. My current thinking, based on today's discussion, is 2048 bits for both DH and RSA. > > Some text related to a number of the above points can be > found via the links in a mail that Patrick Pelletier [1] > sent to the perpass list. > > Cheers, > S. > > [1] http://www.ietf.org/mail-archive/web/perpass/current/msg00062.html > > > On 09/08/2013 09:25 AM, Yaron Sheffer wrote: >> This is an early version of my proposal for a BCP-like document, to >> inform the industry on what can be done with existing implementations, >> while TLS 1.3 is still not ready. >> >> I would appreciate your comments of course. Specifically, >> I would like to fill in the Implementation Status table (Sec. 5) and >> would be glad to receive solid information (dates, planned dates, >> version numbers) from implementers. >> >> Thanks, >> Yaron >> >> -------- Original Message -------- >> Subject: New Version Notification for draft-sheffer-tls-bcp-00.txt >> Date: Sat, 07 Sep 2013 15:46:38 -0700 >> From: internet-drafts@ietf.org >> To: Yaron Sheffer <yaronf.ietf@gmail.com> >> >> >> A new version of I-D, draft-sheffer-tls-bcp-00.txt >> has been successfully submitted by Yaron Sheffer and posted to the >> IETF repository. >> >> Filename: draft-sheffer-tls-bcp >> Revision: 00 >> Title: Recommendations for Secure Use of TLS and DTLS >> Creation date: 2013-09-08 >> Group: Individual Submission >> Number of pages: 8 >> URL: http://www.ietf.org/internet-drafts/draft-sheffer-tls-bcp-00.txt >> Status: http://datatracker.ietf.org/doc/draft-sheffer-tls-bcp >> Htmlized: http://tools.ietf.org/html/draft-sheffer-tls-bcp-00 >> >> >> Abstract: >> Over the last few years there have been several serious attacks on >> TLS, including attacks on its most commonly used ciphers and modes of >> operation. This document offers recommendations on securely using >> the TLS and DTLS protocols, given existing standards and >> implementations. >> >> >> >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat >> >> >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >>
- [TLS] Fwd: New Version Notification for draft-she… Yaron Sheffer
- Re: [TLS] Fwd: New Version Notification for draft… Paterson, Kenny
- Re: [TLS] Fwd: New Version Notification for draft… Patrick Pelletier
- Re: [TLS] Fwd: New Version Notification for draft… Peter Gutmann
- Re: [TLS] Fwd: New Version Notification for draft… Patrick Pelletier
- Re: [TLS] [perpass] Fwd: New Version Notification… Yoav Nir
- Re: [TLS] [perpass] Fwd: New Version Notification… Nikos Mavrogiannopoulos
- Re: [TLS] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [TLS] Fwd: New Version Notification for draft… Michael Ströder
- Re: [TLS] New Version Notification for draft-shef… Yoav Nir
- Re: [TLS] Fwd: New Version Notification for draft… Yaron Sheffer
- Re: [TLS] Fwd: New Version Notification for draft… Patrick Pelletier
- Re: [TLS] Fwd: New Version Notification for draft… Hanno Böck
- Re: [TLS] Fwd: New Version Notification for draft… Peter Gutmann
- Re: [TLS] New Version Notification for draft-shef… james hughes
- Re: [TLS] Fwd: New Version Notification for draft… Sean Turner
- Re: [TLS] Fwd: New Version Notification for draft… Yaron Sheffer