Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)

Yoav Nir <ynir.ietf@gmail.com> Wed, 23 April 2014 19:25 UTC

Received: from [192.168.1.102] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id u1sm8868298eex.31.2014.04.23.12.24.49 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 23 Apr 2014 12:24:59 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CF7DC161.1C4FC%kenny.paterson@rhul.ac.uk>
Date: Wed, 23 Apr 2014 22:24:27 +0300
Message-Id: <DEB7296B-C91C-47CF-8BB8-3C73AE6C74F6@gmail.com>
References: <CAFggDF0Kh+F3R+NtKZ-WhQWn3gO9quGhaFL8Qnx1a6TiVbAmGQ@mail.gmail.com> <20140423150707.F18C11ACDB@ld9781.wdf.sap.corp> <CACsn0cmP6pp_aMYrCb3-4QBae6v8uuNQYZZW8jxnMaSgPy8SXA@mail.gmail.com> <CF7DBB70.1C4C6%kenny.paterson@rhul.ac.uk> <2A0EFB9C05D0164E98F19BB0AF3708C7120C35E25E@USMBX1.msg.corp.akamai.com> <CF7DC161.1C4FC%kenny.paterson@rhul.ac.uk>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/kasrZXZRrrrU5X99RziHSdT4U-8
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Apr 23, 2014, at 9:15 PM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote:

> On 23/04/2014 19:12, "Salz, Rich" <rsalz@akamai.com> wrote:
> 
>> Thanks for posting; it's great to have a cryptographer weigh in.
>> 
>> So, at the risk of putting you on the spot:  what do you think we
>> (TLS-WG) should do?
>> 
> 
> I think we should deprecate RC4 now, in the hope that in the medium term,
> we can reduce the amount of RC4 being negotiated in TLS.
> 
> As others have said, the RFC, if published, gives a useful stick with
> which to beat the appropriate people/argue for change.

I agree. Just let’s not overestimate our influence. In January 1999 RFC 2459 said this:

   Den Boer and Bosselaers [DB94] have found pseudo-collisions for MD5,
   but there are no other known cryptanalytic results.  The use of MD5
   for new applications is discouraged.  It is still reasonable to use
   MD5 to verify existing signatures.

10 years later it turned out that some public CAs (not just RapidSSL) were signing new certificates with MD5.

Yoav
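
The audit that follows from Yoav's MD5 anecdote, added here as an example and not part of his message or of the thread: a minimal DER walker that reads the outer signatureAlgorithm OID of an X.509 certificate and flags the RSA signature OIDs built on MD2, MD5 and (going beyond the message) SHA-1. The sample certificate is constructed inline with a placeholder tbsCertificate body and an empty signature, so it is not a real certificate; point `check_certificate` at real DER (for instance the output of `openssl x509 -outform DER`) to audit a chain or a CA's recent issuance.

```python
"""Flag X.509 certificates signed with MD2/MD5/SHA-1-based RSA algorithms.

Added example for the TLS-list thread; not code from the thread. Only the
outer Certificate structure is parsed, which is all that is needed to read
the signatureAlgorithm field.
"""

# PKCS #1 signature algorithm OIDs (RFC 3279 / RFC 4055)
MD2_WITH_RSA = "1.2.840.113549.1.1.2"
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"

DEPRECATED = {
    MD2_WITH_RSA: "md2WithRSAEncryption",
    MD5_WITH_RSA: "md5WithRSAEncryption",
    SHA1_WITH_RSA: "sha1WithRSAEncryption",
}


def der_read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER TLV starting at buf[off]."""
    tag = buf[off]
    first = buf[off + 1]
    off += 2
    if first & 0x80:                      # long-form length
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    else:
        length = first
    end = off + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, off, end


def der_decode_oid(raw):
    """Decode OID contents octets into dotted-decimal form."""
    if not raw:
        raise ValueError("empty OID")
    arcs = [raw[0] // 40, raw[0] % 40]
    value, pending = 0, False
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)          # continuation bit set: more to come
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated OID sub-identifier")
    return ".".join(str(a) for a in arcs)


def cert_signature_algorithm(cert_der):
    """Return the dotted OID from a DER certificate's outer signatureAlgorithm.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    signatureAlgorithm ::= SEQUENCE { algorithm OID, parameters OPTIONAL }
    """
    tag, start, _ = der_read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tag, _, tbs_end = der_read_tlv(cert_der, start)   # skip tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, alg_start, _ = der_read_tlv(cert_der, tbs_end)
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = der_read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("algorithm is not an OBJECT IDENTIFIER")
    return der_decode_oid(cert_der[oid_start:oid_end])


def check_certificate(cert_der):
    """Return (oid, verdict); verdict names the deprecated algorithm or is 'ok'."""
    oid = cert_signature_algorithm(cert_der)
    return oid, DEPRECATED.get(oid, "ok")


# --- constructed sample input (not a real certificate) -----------------------
def der_tlv(tag, content):
    """Minimal DER encoder: tag + definite-form length + content (len < 65536)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + content


def der_encode_oid(dotted):
    """Encode a dotted OID into its DER contents octets (base-128 sub-identifiers)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def fake_certificate(sig_oid):
    """Structurally valid outer Certificate with a hypothetical placeholder body.

    The tbsCertificate is a stand-in (one INTEGER) and the signature BIT
    STRING is empty; only the signatureAlgorithm field is meaningful.
    """
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01"))
    alg = der_tlv(0x30, der_tlv(0x06, der_encode_oid(sig_oid)) + der_tlv(0x05, b""))
    sig = der_tlv(0x03, b"\x00")
    return der_tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in (MD5_WITH_RSA, SHA1_WITH_RSA, SHA256_WITH_RSA):
        print(check_certificate(fake_certificate(oid)))
```

The walker deliberately does not descend into tbsCertificate: the outer signatureAlgorithm is what the issuing CA actually used, which is the field an issuance audit of the kind Yoav describes needs. RFC 5280 requires the inner tbsCertificate.signature field to match it, so a mismatch between the two is itself worth flagging if you extend the parser.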