Re: [TLS] ban more old crap
Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 25 July 2015 17:13 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 726E41ACED3 for <tls@ietfa.amsl.com>; Sat, 25 Jul 2015 10:13:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VAPCYgJai-bB for <tls@ietfa.amsl.com>; Sat, 25 Jul 2015 10:13:30 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11BC51ACE8A for <tls@ietf.org>; Sat, 25 Jul 2015 10:13:30 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 6820C284B64; Sat, 25 Jul 2015 17:13:28 +0000 (UTC)
Date: Sat, 25 Jul 2015 17:13:28 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150725171328.GL4347@mournblade.imrryr.org>
References: <201507221610.27729.davemgarrett@gmail.com> <201507241257.43115.davemgarrett@gmail.com> <2164745.i4WjRk8WKj@pintsize.usersys.redhat.com> <201507241403.14071.davemgarrett@gmail.com> <20150725054622.GK4347@mournblade.imrryr.org> <afe90d435b3b4d79bc3ef074f59f06c1@ustx2ex-dag1mb2.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <afe90d435b3b4d79bc3ef074f59f06c1@ustx2ex-dag1mb2.msg.corp.akamai.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/uYwqK0SJ-MsXoyrNi_mVAmSLO1U>
Subject: Re: [TLS] ban more old crap
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jul 2015 17:13:31 -0000
On Sat, Jul 25, 2015 at 06:54:36AM +0000, Salz, Rich wrote: > > What we've cannot yet turn off is RC4. > > Then do not use TLS 1.3 Actually, we can use TLS 1.3, just not with peers that only do RC4. Provided the 1.3 servers don't do anything actively hostile and terminate the handshake when they see RC4-SHA1 offered among other more acceptable ciphersuites. I was definitely not arguing for inclusion of RC4 in TLS 1.3. I am more than happy with AEAD-only in TLS 1.3, with no RC4. When an opportunistic TLS client that supports TLS 1.0--1.3, and includes RC4 in its list of ciphersuites, connects to a 1.3 server RC4 will not be the negotiated ciphersuite when the server decides to use 1.3. I was just noting for the record, that even with opportunistic TLS we've already made some progress in getting rid of "old crap", but not yet all. -- Viktor.
- [TLS] A la carte concerns from IETF 93 Dave Garrett
- Re: [TLS] A la carte concerns from IETF 93 Hubert Kario
- Re: [TLS] A la carte concerns from IETF 93 Ilari Liusvaara
- [TLS] ban more old crap (was: A la carte concerns… Dave Garrett
- Re: [TLS] ban more old crap (was: A la carte conc… Viktor Dukhovni
- Re: [TLS] ban more old crap (was: A la carte conc… Dave Garrett
- Re: [TLS] ban more old crap Stephen Farrell
- Re: [TLS] ban more old crap (was: A la carte conc… Yuhong Bao
- Re: [TLS] ban more old crap Eric Rescorla
- Re: [TLS] ban more old crap Hubert Kario
- Re: [TLS] ban more old crap (was: A la carte conc… Hubert Kario
- Re: [TLS] ban more old crap Dave Garrett
- Re: [TLS] ban more old crap Ilari Liusvaara
- Re: [TLS] ban more old crap Hubert Kario
- Re: [TLS] ban more old crap Dave Garrett
- Re: [TLS] ban more old crap Hubert Kario
- Re: [TLS] ban more old crap Dave Garrett
- Re: [TLS] ban more old crap Yuhong Bao
- Re: [TLS] ban more old crap Ilari Liusvaara
- Re: [TLS] ban more old crap Viktor Dukhovni
- Re: [TLS] ban more old crap Salz, Rich
- Re: [TLS] ban more old crap Stephen Farrell
- Re: [TLS] ban more old crap Benjamin Beurdouche
- Re: [TLS] ban more old crap Eric Rescorla
- Re: [TLS] ban more old crap Martin Thomson
- Re: [TLS] ban more old crap Salz, Rich
- Re: [TLS] ban more old crap Martin Thomson
- Re: [TLS] ban more old crap Viktor Dukhovni
- Re: [TLS] ban more old crap Viktor Dukhovni
- Re: [TLS] ban more old crap Dave Garrett
- Re: [TLS] ban more old crap Viktor Dukhovni