Re: [TLS] ban more old crap

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 24 July 2015 06:41 UTC


On Thu, Jul 23, 2015 at 06:06:04PM +0100, Stephen Farrell wrote:
> 
> 
> On 23/07/15 16:43, Dave Garrett wrote:
> > We should just get more serious about banning old crap entirely to
> > make dangerous misconfiguration impossible for TLS 1.3+
> > implementations.
> > 
> > Right now, the restrictions section prohibits: RC4, SSL2/3, &
> > EXPORT/NULL entirely (via min bits) and has "SHOULD" use TLS 1.3+
> > compatible with TLS 1.2, if available
> 
> A suggestion - could we remove mention of anything that
> is not a MUST or SHOULD ciphersuite from the TLS1.3 document
> and then have someone write a separate draft that adds a
> column to the registry where we can mark old crap as
> deprecated?

Checked the ciphersuite registry. Of 316 negotiable ciphers,
marking everything that doesn't work in TLS 1.3 or is DSS
ciphersuite (nobody uses that) would leave 52 ciphersuites
undeprecated.

Unfortunately, completing the various sets could add up to
31 new ciphersuites... :-/


Flags:
A => Anonymous (6+8)
D => Dubious use (6+1). I guess IoT devices don't appreciate FFDHE.
F => FFDHE (26+3)
I => IoT focus (18+12)
N => New signature type (0+11), merging would take bending TLS 1.2 rules.
R => RSA signature type with ECDHE (6+1)
V => Vanity (24+8)

The 52 are:
--F-- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
--F-- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
A-F-- TLS_DH_anon_WITH_AES_128_GCM_SHA256
A-F-- TLS_DH_anon_WITH_AES_256_GCM_SHA384
----- TLS_PSK_WITH_AES_128_GCM_SHA256
----- TLS_PSK_WITH_AES_256_GCM_SHA384
-DFI- TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
-DFI- TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
----- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
----- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
----R TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
----R TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
--FV- TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
--FV- TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
A-FV- TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
A-FV- TLS_DH_anon_WITH_ARIA_256_GCM_SHA384
---V- TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
---V- TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
---VR TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
---VR TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
---V- TLS_PSK_WITH_ARIA_128_GCM_SHA256
---V- TLS_PSK_WITH_ARIA_256_GCM_SHA384
-DFV- TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
-DFV- TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
--FV- TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
--FV- TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
A-FV- TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
A-FV- TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
---V- TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
---V- TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
---VR TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
---VR TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
---V- TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
---V- TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
-DFV- TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
-DFV- TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
-DFI- TLS_DHE_RSA_WITH_AES_128_CCM
-DFI- TLS_DHE_RSA_WITH_AES_256_CCM
-DFI- TLS_DHE_RSA_WITH_AES_128_CCM_8
-DFI- TLS_DHE_RSA_WITH_AES_256_CCM_8
---I- TLS_PSK_WITH_AES_128_CCM
---I- TLS_PSK_WITH_AES_256_CCM
-DFI- TLS_DHE_PSK_WITH_AES_128_CCM
-DFI- TLS_DHE_PSK_WITH_AES_256_CCM
---I- TLS_PSK_WITH_AES_128_CCM_8
---I- TLS_PSK_WITH_AES_256_CCM_8
-DFI- TLS_PSK_DHE_WITH_AES_128_CCM_8
-DFI- TLS_PSK_DHE_WITH_AES_256_CCM_8
---I- TLS_ECDHE_ECDSA_WITH_AES_128_CCM
---I- TLS_ECDHE_ECDSA_WITH_AES_256_CCM
---I- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
---I- TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8

And the new 31 would be:
----R TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
----- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
--F-- TLS_DHE_RSA_WITH_CHACHA20_POLY1305
----- TLS_PSK_WITH_CHACHA20_POLY1305
---I- TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305
-DFI- TLS_DHE_PSK_WITH_CHACHA20_POLY1305
---I- TLS_ECDHE_PSK_WITH_AES_128_GCM
---I- TLS_ECDHE_PSK_WITH_AES_256_GCM
---I- TLS_ECDHE_PSK_WITH_AES_128_CCM_8
---I- TLS_ECDHE_PSK_WITH_AES_256_CCM_8
---I- TLS_ECDHE_PSK_WITH_AES_128_CCM
---I- TLS_ECDHE_PSK_WITH_AES_256_CCM
A---- TLS_ECDH_anon_WITH_AES_128_GCM_SHA256
A---- TLS_ECDH_anon_WITH_AES_256_GCM_SHA384
A--V- TLS_ECDH_anon_WITH_ARIA_128_GCM_SHA256
A--V- TLS_ECDH_anon_WITH_ARIA_256_GCM_SHA384
A--V- TLS_ECDH_anon_WITH_CAMELLIA_128_GCM_SHA256
A--V- TLS_ECDH_anon_WITH_CAMELLIA_256_GCM_SHA384
A---- TLS_ECDH_anon_WITH_CHACHA20_POLY1305
A-F-- TLS_DH_anon_WITH_CHACHA20_POLY1305
----N TLS_ECDHE_ECIDSA_WITH_AES_128_GCM_SHA256
----N TLS_ECDHE_ECIDSA_WITH_AES_256_GCM_SHA384
---VN TLS_ECDHE_ECIDSA_WITH_ARIA_128_GCM_SHA256
---VN TLS_ECDHE_ECIDSA_WITH_ARIA_256_GCM_SHA384
---VN TLS_ECDHE_ECIDSA_WITH_CAMELLIA_128_GCM_SHA256
---VN TLS_ECDHE_ECIDSA_WITH_CAMELLIA_256_GCM_SHA384
---IN TLS_ECDHE_ECIDSA_WITH_AES_128_CCM
---IN TLS_ECDHE_ECIDSA_WITH_AES_256_CCM
---IN TLS_ECDHE_ECIDSA_WITH_AES_128_CCM_8
---IN TLS_ECDHE_ECIDSA_WITH_AES_256_CCM_8
----N TLS_ECDHE_ECIDSA_WITH_CHACHA20_POLY1305
-Ilari
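The registry triage described in the message above, as an added Python example that is not part of this thread or of any IETF tooling: it parses IANA-style ciphersuite names, applies the mail's keep/deprecate rule (DSS suites out, and everything TLS 1.3 cannot negotiate out, which means non-AEAD ciphers, RSA key transport and certificate-authenticated static (EC)DH), and renders the flag columns that follow from the name alone. The sample list is constructed (nine names, not the 316-entry registry), the D and I columns are the author's judgment calls and are not derived, and all function names are mine.

```python
import re

# Constructed sample, not the full 316-entry IANA registry: suites from the
# mail plus legacy entries that the mail's criteria would mark deprecated.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",            # CBC is not an AEAD
    "TLS_RSA_WITH_AES_128_GCM_SHA256",         # RSA key transport
    "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",     # DSS, excluded outright
    "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",     # RSA key transport with PSK
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",     # mail: --F--
    "TLS_DH_anon_WITH_AES_256_GCM_SHA384",     # mail: A-F--
    "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",  # mail: ---VR
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",      # mail: ---I-
    "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",   # mail writes it without _SHA256
]

# AEAD cipher/mode suffixes; TLS 1.3 negotiates AEAD suites only.
AEAD = re.compile(r"(?:^|_)(GCM_SHA\d+|CCM(?:_8)?|CHACHA20_POLY1305(?:_SHA256)?)$")

def parse_suite(name):
    # "TLS_<kex>_<auth>_WITH_<cipher>" -> (set of kex/auth tokens, cipher)
    head, sep, cipher = name.partition("_WITH_")
    if not head.startswith("TLS_") or not sep or not cipher:
        raise ValueError(f"not a TLS ciphersuite name: {name}")
    return set(head[4:].split("_")), cipher

def keep_for_tls13(name):
    # The mail's rule: drop DSS suites and anything TLS 1.3 cannot use
    # (non-AEAD ciphers, RSA key transport, static DH/ECDH).
    kx, cipher = parse_suite(name)
    if "DSS" in kx or not AEAD.search(cipher):
        return False
    if "RSA" in kx and not kx & {"DHE", "ECDHE"}:
        return False                      # TLS_RSA_* and TLS_RSA_PSK_*
    if kx & {"DH", "ECDH"} and "anon" not in kx:
        return False                      # certificate-authenticated static (EC)DH
    return bool(kx & {"DHE", "ECDHE", "PSK", "anon"})

def flag_string(name):
    # The mail's five columns for flags the name alone determines: A, F, V and
    # R/N (N = a signature type TLS 1.2 does not define, the mail's ECIDSA
    # placeholder). D and I are the author's judgment calls, left as '-'.
    kx, cipher = parse_suite(name)
    anon, ffdhe = "anon" in kx, bool(kx & {"DH", "DHE"})
    vanity = cipher.startswith(("ARIA_", "CAMELLIA_"))
    rsa_ecdhe = {"ECDHE", "RSA"} <= kx
    new_sig = not kx & {"RSA", "ECDSA", "PSK", "anon", "DSS"}
    col5 = "R" if rsa_ecdhe else "N" if new_sig else "-"
    return ("A" if anon else "-") + "-" + ("F" if ffdhe else "-") \
        + ("V" if vanity else "-") + col5
```

Running `keep_for_tls13` over the sample keeps only the last five names, which is the same cut the mail's 52-suite list makes on the real registry.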