Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)
Yoav Nir <ynir.ietf@gmail.com> Wed, 23 April 2014 19:25 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/kasrZXZRrrrU5X99RziHSdT4U-8

On Apr 23, 2014, at 9:15 PM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote:

> On 23/04/2014 19:12, "Salz, Rich" <rsalz@akamai.com> wrote:
>
>> Thanks for posting; it's great to have a cryptographer weigh in.
>>
>> So, at the risk of putting you on the spot: what do you think we
>> (TLS-WG) should do?
>>
>
> I think we should deprecate RC4 now, in the hope that in the medium term,
> we can reduce the amount of RC4 being negotiated in TLS.
>
> As others have said, the RFC, if published, gives a useful stick with
> which to beat the appropriate people/argue for change.

I agree. Just let’s not overestimate our influence. In January 1999 RFC 2459 said this:

   Den Boer and Bosselaers [DB94] have found pseudo-collisions for MD5,
   but there are no other known cryptanalytic results. The use of MD5
   for new applications is discouraged. It is still reasonable to use
   MD5 to verify existing signatures.

10 years later it turned out that some public CAs (not just RapidSSL) were signing new certificates with MD5.

Yoav