Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

"Salz, Rich" <rsalz@akamai.com> Thu, 02 October 2014 14:22 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 2 Oct 2014 09:22:09 -0500
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C71D2F8F7E83@USMBX1.msg.corp.akamai.com>
References: <20141002005804.2760C1AE9D@ld9781.wdf.sap.corp> <BA2DFF33-7B0C-4E87-9C0E-215933AED88F@akr.io>
In-Reply-To: <BA2DFF33-7B0C-4E87-9C0E-215933AED88F@akr.io>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/spzQMhw9NUVlVAnub_KAonAEzY4

After thinking about this a bit more, I changed my mind.

I've argued that TLS 1.3 doesn't have to cover every use case supported by TLS 1.2.  On the crypto front, if we (my employer) have to allow RC4 for Android 2.2 or old embedded devices (like WWW-TVs), that doesn't change the fact that what these devices are doing isn't good.  I'd prefer to see something like: servers should only accept RC4 if it is the best cipher the client supports, but so be it.

--  
Principal Security Engineer, Akamai Technologies
IM: rsalz@jabber.me Twitter: RichSalz
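The "RC4 only if it is the best the client supports" rule in the message above is a server-side negotiation policy, and the difference between it and the draft's outright prohibition (the draft under discussion became RFC 7465, which forbids servers from selecting RC4 at all) is easiest to see in code. The following is an added example, not code from the post or from any TLS implementation: it parses the cipher_suites vector of a ClientHello (RFC 5246 section 7.4.1.2) and selects a suite in server-preference order, with RC4 suites confined to a last-resort tier that is consulted only when nothing better was offered. The suite lists and the three client offers are constructed for illustration; the codepoints are the IANA registry values.

```python
# Added example: cipher-suite selection with RC4 as a last resort (the
# policy Rich Salz describes) versus no RC4 at all (the draft's policy).
# Suite lists and client offers below are constructed for illustration.

from typing import Optional

# Server preference order, strongest first.  Codepoints are the IANA TLS
# Cipher Suite registry values.
PREFERRED = [
    (0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    (0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
    (0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"),
    (0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"),
]

# RC4 suites: only ever chosen when the client offered nothing above.
LAST_RESORT = [
    (0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"),
    (0x0005, "TLS_RSA_WITH_RC4_128_SHA"),
    (0x0004, "TLS_RSA_WITH_RC4_128_MD5"),
]


def encode_cipher_suites(suites: list[int]) -> bytes:
    """Build a ClientHello cipher_suites vector: 2-byte length, then 2-byte codepoints."""
    body = b"".join(cp.to_bytes(2, "big") for cp in suites)
    return len(body).to_bytes(2, "big") + body


def parse_cipher_suites(vec: bytes) -> list[int]:
    """Parse the cipher_suites vector, rejecting truncated or odd-length bodies."""
    if len(vec) < 2:
        raise ValueError("truncated cipher_suites length")
    n = int.from_bytes(vec[:2], "big")
    body = vec[2:2 + n]
    if len(body) != n or n % 2 != 0:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, n, 2)]


def select_suite(client_suites: list[int],
                 allow_rc4_fallback: bool = True) -> Optional[tuple[int, str]]:
    """Pick a suite in *server* preference order.

    Server preference matters: a client that lists RC4 first but also
    offers AES still gets AES.  RC4 is reached only if the client offered
    none of PREFERRED, and only when the fallback policy is enabled.
    With allow_rc4_fallback=False this is the draft's behaviour: RC4 is
    never selected and the handshake fails instead.
    """
    offered = set(client_suites)
    for cp, name in PREFERRED:
        if cp in offered:
            return cp, name
    if allow_rc4_fallback:
        for cp, name in LAST_RESORT:
            if cp in offered:
                return cp, name
    return None  # no acceptable suite: send handshake_failure


# Constructed client offers, as the raw vector a server would receive.
MODERN_CLIENT = encode_cipher_suites([0xC02F, 0xC013, 0xC011])
RC4_FIRST_CLIENT = encode_cipher_suites([0x0005, 0x002F])   # RC4 listed first
LEGACY_CLIENT = encode_cipher_suites([0x0005, 0x0004])      # RC4 only


def negotiate(vec: bytes, allow_rc4_fallback: bool = True) -> Optional[str]:
    """Parse a ClientHello cipher_suites vector and return the chosen suite name."""
    choice = select_suite(parse_cipher_suites(vec), allow_rc4_fallback)
    return choice[1] if choice else None


if __name__ == "__main__":
    for label, vec in (("modern", MODERN_CLIENT),
                       ("rc4-first", RC4_FIRST_CLIENT),
                       ("legacy", LEGACY_CLIENT)):
        print(f"{label:10s} fallback: {negotiate(vec)}  "
              f"prohibited: {negotiate(vec, allow_rc4_fallback=False)}")
```

The legacy client is the only one that ever sees RC4 under the fallback policy, and it is also the only one the draft's policy turns away; every client that offers anything in the preferred tier gets that suite regardless of the order it listed them in.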