Re: [Uta] On prohibiting RC4

Alyssa Rowan <akr@akr.io> Fri, 07 March 2014 14:21 UTC

Message-ID: <5319D59E.5020300@akr.io>
Date: Fri, 07 Mar 2014 14:20:14 +0000
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: uta@ietf.org
References: <2A0EFB9C05D0164E98F19BB0AF3708C711FB9AAD73@USMBX1.msg.corp.akamai.com> <5319AF96.7000407@akr.io> <2A0EFB9C05D0164E98F19BB0AF3708C711FB9AADD7@USMBX1.msg.corp.akamai.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C711FB9AADD7@USMBX1.msg.corp.akamai.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/Dqkqbs-y4XoUmMCecqfcO_5bAV8
Subject: Re: [Uta] On prohibiting RC4


On 07/03/2014 12:46, Salz, Rich wrote:

> It depends on what you're concerned about.  From a global view, I'm
> concerned about perpass.

As are we all, and the reason for this discussion.

> From a commercial view, I'm perhaps more worried about my customers
> getting through to me.

I understand that: try [000a] TLS_RSA_3DES_EDE_CBC_SHA as a failsafe
for legacy clients, iff [002f] TLS_RSA_WITH_AES_128_CBC_SHA is not
supported? 3DES is supported as far back as RC4 is, it's not choice
anymore but it's not precipitously weak, and we were discussing that
back in December and January. Problem solved, as far as I can see?

If any of your customers outright require RC4 specifically, well then
They're Doing It Wrong - and the draft under discussion is the
document that will notify them that they are going directly against
good advice.

>> [re: RC4 is broken in real time by the #NSA - stop using it.]
> You're not seriously expecting me to take this undocumented 
> assertion without skepticism, are you?

Of course not. Scepticism is entirely reasonable. I am relaying what
I've been told by sources that _I_ trust, not asking you to trust them
in turn.

But still, being sceptical and ignoring that, it is the best fit for
the huge 'cryptologic breakthrough' that is referenced in the Snowden
docs. Perhaps ask Jacob Appelbaum or Bruce Schneier for more info
(although I think if they had any details, they would happily have
disclosed them, and I understand the Snowden docs do not contain
details like that).

For the record, I would love to see such a cryptanalytic breakthrough
documented in the public literature, and I encourage anyone who has
sufficient access to fully disclose it in both the interest of global
security and for the furtherance of science.

Discounting that entirely, even what we know publicly, from 2013,
strongly suggests deprecation of RC4 is already long overdue and we
need to move away from it right now. Surely you don't contest that.

> Not everyone feels this way.

I would be very interested to hear their reasons in detail, but with
respect, their conclusions are simply wrong.

As I have said, passive attacks are available to Eve and can be
applied retrospectively; active attacks are only available to Mallory
and cannot. Passive attacks therefore present a greater threat than
active attacks.

>> so I assume you're simply playing Devil's Advocate here?
> No.

Oh? Forgive my assumption: the arguments in the third-person confused me.

>> If you have any specific points or counterpoints, I'm sure we'd 
>> all love to hear them.
> I'll wait until the minutes are published which will hopefully 
> contain ekr's view which (rightfully) carries more weight than 
> mine.

Very well. I'm sure I shall look forward to reading them.

-- 
/akr