IETF Logo Mail Archive

Re: [TLS] Killing Algorithms

Richard Moore <rich@kde.org> Fri, 03 April 2015 23:54 UTC

Return-Path: <richmoore44@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CF281A87E0 for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 16:54:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Level:
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WwzW9DGBIBVm for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 16:54:38 -0700 (PDT)
Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 503971A877F for <tls@ietf.org>; Fri, 3 Apr 2015 16:54:38 -0700 (PDT)
Received: by obbec2 with SMTP id ec2so186974899obb.3 for <tls@ietf.org>; Fri, 03 Apr 2015 16:54:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=ryAi0SNZEtjg20vog9iks7wZBTcl0k9Lpi+q3+qaYf4=; b=ZL73UfCFwYrmbkYLUUQAo4xbYndbmXuA5N+Shk1CLYNHVG71Q2SW/9eNO3QY9qIN8X VGfnhGKK0K9pZqZCbu9bgiIHeU5yff1LBIgy8OqDFnkZLP/pii0WrMYFgyL2NjSzQ1Sn vbLo7AO0K7rGIv5iIrrKnaou6AAwCqQt136qoes2hz3o3rAjP9ivlfLhmPw74FL58Cvg UPlIN0iTbELxFvGlFUZdBSpLfg777nSJdAu0t8q+UNs9E5ZBr78i3Qhl9HdjuTgrAn+v E9b4Q2tpcC9NhQQv8h4LI6psLBPc0earUrqkcFo44O8XWPlfK/mQN6x7NdCND2zvI7He FnBg==
MIME-Version: 1.0
X-Received: by 10.182.210.197 with SMTP id mw5mr5658287obc.26.1428105277777; Fri, 03 Apr 2015 16:54:37 -0700 (PDT)
Sender: richmoore44@gmail.com
Received: by 10.182.22.51 with HTTP; Fri, 3 Apr 2015 16:54:37 -0700 (PDT)
In-Reply-To: <87sich9bar.fsf@alice.fifthhorseman.net>
References: <r422Ps-1075i-F8BE1282BAD64B8397E9DAE49D77123B@Williams-MacBook-Pro.local> <551EB007.2010304@azet.org> <87sich9bar.fsf@alice.fifthhorseman.net>
Date: Sat, 04 Apr 2015 00:54:37 +0100
X-Google-Sender-Auth: 8SN9IQnqQ4VHU3rcJZIU_8mz8MI
Message-ID: <CAMp7mVuECTsqwXCOPH15VTYtXfx7n93Kg2NmL0WiTmOS70GcZw@mail.gmail.com>
From: Richard Moore <rich@kde.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: multipart/alternative; boundary="001a11c29be8c8ac560512daabd2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/f603X05E6KUei51uMCY2cIRacMo>
Cc: tls@ietf.org
Subject: Re: [TLS] Killing Algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 23:54:39 -0000

On 3 April 2015 at 22:01, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:

>   * not every implementation has a wall clock, or has it set right.
>     what happens to these machines?
>
>
This problem already exists since you need the time to validate the
certificate.

Overall though, I'm not in favour of having a set cut off date except
perhaps for ciphers we already know are weak, however since the idea is to
design a new version of TLS why would things that are known to be weak be
included in the first place?

Rich.

v2.23.0 | Report a Bug | By Email