Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Aaron Zauner <azet@azet.org> Fri, 22 May 2015 03:20 UTC


* Dave Garrett <davemgarrett@gmail.com>; [22/05/2015 05:04:13] wrote:
> That said, the RC4 diediedie is getting largely ignored. To actually kill something like this off, it seems to need to be done as a panic response or as a requirement of something new that everyone starts together. (e.g. SSL3 diediedie or old TLS with HTTP/2) Thus was my reasoning for at least attempting to suggest it here. :|

I don't have that impression at all. The RC4 and SSLv3 deprecation
documents even got (some) media attention, which is quite rare for
IETF documents. Same with the UTA BCP on TLS and attacks.

As suggested in the starting post this would effectively mean that
an implementation that does support 1.3 MUST NOT support anything
lower than that. Which -- of course -- means you're locking users
out that only have poor/bad crypto at hand. Somewhat referring to the
opportunistic debate; it's again bad crypto vs. no crypto at all. :/

Aaron