Re: [TLS] ban more old crap

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 25 July 2015 13:08 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E90951B2DE9 for <tls@ietfa.amsl.com>; Sat, 25 Jul 2015 06:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Hn9yb0aGP5F for <tls@ietfa.amsl.com>; Sat, 25 Jul 2015 06:08:29 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B2DF1B2E0F for <tls@ietf.org>; Sat, 25 Jul 2015 06:08:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6B1B8BE88 for <tls@ietf.org>; Sat, 25 Jul 2015 14:08:28 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KsRm17pJHCqd for <tls@ietf.org>; Sat, 25 Jul 2015 14:08:27 +0100 (IST)
Received: from [10.17.4.205] (unknown [193.86.243.7]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 13813BE58 for <tls@ietf.org>; Sat, 25 Jul 2015 14:08:26 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1437829707; bh=RYKREjfb/wAUx11PGooaeUPnZcBVeNQbnONeWrtvS7I=; h=Date:From:To:Subject:References:In-Reply-To:From; b=wuDnh71Rx0WJhi0R6pMu7ltGnqPNPi17aXztBNaT+Rke6Blg/LYdK7ItMF3+W1+3K ZC99kvXQo+7o/MXN+UsAwkLr3Xn5g/Yr7S+WqpSkYS/dUJioZHO/FzDswOOtlYHPl4 YcMYgPut49ZZmEDv9Kt1+u/c3yNOm3aCEjgGS8Ho=
Message-ID: <55B38A47.2010002@cs.tcd.ie>
Date: Sat, 25 Jul 2015 14:08:23 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: tls@ietf.org
References: <201507221610.27729.davemgarrett@gmail.com> <201507241257.43115.davemgarrett@gmail.com> <2164745.i4WjRk8WKj@pintsize.usersys.redhat.com> <201507241403.14071.davemgarrett@gmail.com> <20150725054622.GK4347@mournblade.imrryr.org>
In-Reply-To: <20150725054622.GK4347@mournblade.imrryr.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/eYpQWiChMjj7XM3cx7I7gvbPpfE>
Subject: Re: [TLS] ban more old crap
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jul 2015 13:08:31 -0000

(no hats and al that)

On 25/07/15 06:46, Viktor Dukhovni wrote:
> I hope, that by ~2017, RC4 will no longer be required either, and
> we'll be able to disable RC4 in Postfix at that time.

Seems to me that should be a reasonable match for expecting to see
TLS1.3 getting deployed in lots of parts of the mail infrastructure,
so that date would argue to not support rc4 at all in TLS1.3 in my
conclusion (not that I know much about mail deployment trends).

And if we have any support for rc4 in TLS1.3 it'll end up a footgun
that'll damage many toes, so count me amongst those arguing for no
rc4 (or similar) at all in TLS1.3.

Cheers,
S.