Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)

Watson Ladd <watsonbladd@gmail.com> Sat, 19 April 2014 21:07 UTC

On Sat, Apr 19, 2014 at 1:50 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:
>
> On Apr 19, 2014, at 11:10 PM, Alyssa Rowan <akr@akr.io> wrote:
>
>> On 19/04/2014 20:28, Yoav Nir wrote:
>>
>>> As long as the client is required to support such servers, I guess
>>> we have to live with it.
>>
>> I think the only correct deprecation path to recommend is the one
>> that's on the table right now: the off switch.
>>
>> Warn your users if you have to. But don't negotiate RC4 without a
>> click-through warning.
>
> I can probably do it, as long as I provide a configuration to re-enable it. But that’s me.
>
> Check out the survey that Kurt posted a link to. 1.56% of TLS servers support only RC4. Browsers are distributed for free, and each of the big ones is installed in hundreds of millions of copies. They can’t afford having support calls, and they can’t afford the bad publicity that comes with “some sites don’t work with this browser”. What Microsoft is doing is the best we can hope for for now.

What happens 5 years from now when those servers still aren't updated?
I think the best we can do is stop configurations of new software from
supporting it.

Furthermore, we need to ensure that we never face this situation
again. RC4 needed to be deprecated starting with WEP. In the future
we will need to have much more aggressive deprecation, better
guidance on what to support and in what order to prefer ciphersuites.

Sincerely,
Watson Ladd

>
> Yoav

-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin