Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
"Dan Harkins" <dharkins@lounge.org> Mon, 04 April 2016 17:36 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2B0212D115 for <tls@ietfa.amsl.com>; Mon, 4 Apr 2016 10:36:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BK9_eLaxuRi9 for <tls@ietfa.amsl.com>; Mon, 4 Apr 2016 10:36:46 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 989B512D12E for <tls@ietf.org>; Mon, 4 Apr 2016 10:36:46 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 3EAD31022404C; Mon, 4 Apr 2016 10:36:46 -0700 (PDT)
Received: from 31.133.176.131 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Mon, 4 Apr 2016 10:36:46 -0700 (PDT)
Message-ID: <1c1246d3be495728863f1633691e4a53.squirrel@www.trepanning.net>
In-Reply-To: <CAPofZaGYpMEiJGz=kFJwfYGPJ433JhcEhLzBky9pi+0RwceeqQ@mail.gmail.com>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com> <56FD2A0A.1050607@gmx.net> <56FD4A42.2080100@akamai.com> <56FD4E32.5060409@gmx.net> <56FD55E3.9060605@akamai.com> <56FD599D.2040206@gmx.net> <56FD5B00.3090007@akamai.com> <ca13e48abd8042c38bc2116bd5574f85@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD5CFC.8090508@gmx.net> <9ed6f4205baf4602857b3c4539fc1941@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD610F.10301@gmx.net> <56FD63B0.2070205@cs.tcd.ie> <1640361f86795f7c3117d9c25be91a72.squirrel@www.trepanning.net> <CACsn0cmM+YTkPKf-nbqgyq=GdG=8M7i+Jq1a-kx77C9CbWCwqg@mail.gmail.com> <fa7284ff7f22aa724fbdc7122707c0e3.squirrel@www.trepanning.net> <CAPofZaGYpMEiJGz=kFJwfYGPJ433JhcEhLzBky9pi+0RwceeqQ@mail.gmail.com>
Date: Mon, 04 Apr 2016 10:36:46 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Phil Lello <phil@dunlop-lello.uk>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/lu18pnXLx40YLDrlgNs-LILPrys>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 17:36:48 -0000
On Mon, April 4, 2016 8:50 am, Phil Lello wrote: > On Mon, Apr 4, 2016 at 3:36 PM, Dan Harkins <dharkins@lounge.org> wrote: > >> >> Usually what happens is the server generates a self-signed certificate >> and the apps are given some "username" and "password" and the app >> ignores the unauthenticated nature of the TLS connection and sends >> the u/p credential on through. > > Isn't this use case more of an argument for an updated auth-digest to use > something better than MD5? I'm not convinced MITM is a real concern for a > typical IoT environment (however that's defined - I'm assuming http in a > domestic environment). First of all, what makes you think it's MD5 digest and not just plaintext? And updated by whom? These are ad hoc constructions done because the alternative is too onerous. As someone who has stolen wi-fi from the apt next door that was protected by a PSK I would say that doing a dictionary attack in a "domestic environment" is entirely plausible. If I have to do a soft AP advertising the neighbor's SSID in order to lure a set-top box or thermostat or whatever to connect to me then that's a very low bar. regard, Dan.
- [TLS] call for consensus: changes to IANA registr… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
- Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
- Re: [TLS] call for consensus: changes to IANA reg… Dmitry Belyavsky
- Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
- Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Ilari Liusvaara
- Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
- Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
- Re: [TLS] call for consensus: changes to IANA reg… Dave Garrett
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Bill Frantz
- Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
- Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
- Re: [TLS] call for consensus: changes to IANA reg… Martin Thomson
- Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
- Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
- Re: [TLS] call for consensus: changes to IANA reg… Andrei Popov
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
- Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
- Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
- Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
- Re: [TLS] call for consensus: changes to IANA reg… Kaduk, Ben
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
- Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
- Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Aaron Zauner
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner