Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Yoav Nir <ynir.ietf@gmail.com> Fri, 03 October 2014 10:12 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0B661AD01F for <tls@ietfa.amsl.com>; Fri, 3 Oct 2014 03:12:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id smHoZoA4EXAm for <tls@ietfa.amsl.com>; Fri, 3 Oct 2014 03:12:22 -0700 (PDT)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74BF91A020B for <tls@ietf.org>; Fri, 3 Oct 2014 03:12:22 -0700 (PDT)
Received: by mail-wi0-f174.google.com with SMTP id cc10so6721954wib.1 for <tls@ietf.org>; Fri, 03 Oct 2014 03:12:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=cm99Vsz9mu2UV3TY0D2DA2RN1j14ooLxA+JwqbPoTeE=; b=jnOvCqawer647erTJOc6wgZD4L3vCfm+6MMrZEd3oU7iv73ICGWQnnt8pxPcSQIOnb toauW5bpN1AnC770rAxVOaJqfRKvtgH9uGOnuoiD+xqZ5Mci2SpkMw3RlO4XOTJ6MuYZ fG9CEdXwoG6U3e9/O3S6bpn+N979NDk9LH+uhTNbm/56t1q5tVZJdE4SYmjhaJvxKPUI Wi+PhPjPSA2nC/MmAGnFGBUOmSl/gwcT9UCNCc5zfHHLmRtJLYTkDvgfV77AQbE8qH1Y xj3BLmn7r0i6QtBxrNztJZPr4t5DqfXEPoeFSA+1mychdLI8cU9/kQiwEjuxI0whTSbb bLvw==
X-Received: by 10.194.84.42 with SMTP id v10mr5999658wjy.63.1412331141125; Fri, 03 Oct 2014 03:12:21 -0700 (PDT)
Received: from [192.168.1.100] (IGLD-84-228-54-144.inter.net.il. [84.228.54.144]) by mx.google.com with ESMTPSA id f7sm1582468wix.22.2014.10.03.03.12.19 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 03 Oct 2014 03:12:20 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_926B51B2-5D42-4A78-A0FA-E2E37BB88D11"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CACsn0cnr49RHoNDhy=x7+Da=v4X=6rSMWKazA-ZObPTsuZnsGA@mail.gmail.com>
Date: Fri, 3 Oct 2014 13:12:17 +0300
Message-Id: <6E575192-4AB2-4BF1-82AD-4008397CE41F@gmail.com>
References: <20141002005804.2760C1AE9D@ld9781.wdf.sap.corp> <BA2DFF33-7B0C-4E87-9C0E-215933AED88F@akr.io> <2A0EFB9C05D0164E98F19BB0AF3708C71D2F8F7E83@USMBX1.msg.corp.akamai.com> <CADMpkcJEt4e7LJAY+FsFcbyQE2x3SXsaOW3bffV4U2oN9EUKrg@mail.gmail.com> <542D850E.2060900@akr.io> <CADMpkc+Zbu64wek2HayW2tCf+d1ZYLocMp2PzXncyS=fHPDwsg@mail.gmail.com> <542DB1D4.4020601@akr.io> <20141003042418.GS13254@mournblade.imrryr.org> <CACsn0cnr49RHoNDhy=x7+Da=v4X=6rSMWKazA-ZObPTsuZnsGA@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/zuJ8syOMidTly4sbxhf6d1lNrME
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Oct 2014 10:12:24 -0000

On Oct 3, 2014, at 10:02 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

<snip />

>> Many others are likely to continue ignoring impractical advice.
>> A more realistic document is I think likely to see greater adoption.
> 
> Let's be 100% clear here: RC4 is not required for interoperability, as
> TLS 1.0, 1.1, and 1.2 all specify other MTI suites for interop.

Not required for interoperability with RFCs, but is required for interoperability with real servers:
http://securitypitfalls.wordpress.com/author/hkario/

18% prefer RC4 to all others, while just under 1% support nothing else. This may be because a lot of people configured RC4 only in the wake of the BEAST attack, but regardless: if your browser has no RC4, it can’t browse all  of the Internet.

Yoav