IETF Logo Mail Archive

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

ned+uta@mrochek.com Fri, 01 May 2020 17:47 UTC

Return-Path: <ned+uta@mrochek.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4D143A18BC for <uta@ietfa.amsl.com>; Fri, 1 May 2020 10:47:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzyO_yVA6lNz for <uta@ietfa.amsl.com>; Fri, 1 May 2020 10:47:41 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 828EB3A18B9 for <uta@ietf.org>; Fri, 1 May 2020 10:47:41 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RKCREJQM8W006AP4@mauve.mrochek.com> for uta@ietf.org; Fri, 1 May 2020 10:42:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=201712; t=1588354958; bh=QEgVFs1KK2xpyku/LOR4zJSDC6+PjtExNsMQgr7jMIg=; h=From:Cc:Date:Subject:In-reply-to:References:To:From; b=eYbglsLxlZ0i1vpnETTa/3Aj1ck4TCLfxDP2HRT0JQTDiVi+td6p8QAYGVF8m8PJs 4zC8j8/fZ//Ny8ELR75RJDGrNExuJlSL/jv35pJ5Mp5OUMuSJiT7xQtuJKd7Eu27jd aodiaxyfWU4mGVeFoHH4ZbGw2IKysuWaCzP6p0vo=
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-type: TEXT/PLAIN; charset="utf-8"; Format="flowed"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RKCJ3X0XR40055BV@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for uta@ietf.org; Fri, 1 May 2020 10:42:35 -0700 (PDT)
From: ned+uta@mrochek.com
Cc: uta@ietf.org
Message-id: <01RKCREHVO3I0055BV@mauve.mrochek.com>
Date: Fri, 01 May 2020 09:27:32 -0700
In-reply-to: "Your message dated Thu, 30 Apr 2020 22:59:06 -0400" <dfe39508-b37a-f008-91d3-cb36bcb84ae1@network-heretics.com>
References: <004801d61bae$08a61590$19f240b0$@smyslov.net> <dfe39508-b37a-f008-91d3-cb36bcb84ae1@network-heretics.com>
To: Keith Moore <moore@network-heretics.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/QqMvEOuhsDOJDnDH9Nz7cZ5aPKs>
Subject: Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 May 2020 17:47:45 -0000

> IMO RFC7525 and this new draft both suffer from dubious assumptions and
> make poor recommendations because of those assumptions.  In particular,
> there are many cases for which using an old version of TLS is suboptimal
> and it shouldn't be considered as secure, but it may still be better
> than deprecating old versions of TLS that might be the only ones
> supported by the peer.

Whether or not to ban SSL v2 and v3 is a tough call, but not for the reasons
given in RFC 7525. Yes, these are weak mechanisms, but in the absence of other
considerations weak is better than no security at all.

However, because of the way the negotations work supporting all of these stuff
simultaneously has proven to be difficult to get right. The fact that these old
versions can cause interop failures with later versions is arguably sufficient
cause for a MUST NOT. 

> People do not always have the luxury of upgrading their clients and
> servers to versions that support the recent TLS.    Some legacy hardware
> has firmware that cannot be upgraded because no upgrades are
> available.   Service providers do not always have the leverage to insist
> that their customers upgrade, or the luxury of abandoning customers. etc.

Shorter version: Once again the IETF is letting the best be the enemy of the
good.

> I therefore find it difficult to make good advice of the form "don't use
> TLS version x.y" that is appropriate across all applications and all
> usage scenarios.   Again, there's an important difference between "don't
> use TLS x.y" and "don't consider TLS x.y secure".

Agreed.

> I also think it's odd that there are recommendations like this that say
> "don't support TLS x.y" but say nothing about not supporting cleartext
> for protocols that still have a cleartext mode.   Even SSL 1.0 is
> probably better than cleartext (at least from a security perspective, if
> not from a support burden perspective) as long as it's not trusted to be
> secure.

Agreed as well.

> So in summary, either I don't support adoption of this draft, or I
> support adoption of this draft only to the extent that it can be
> significantly changed.

AFAICT the draft hasn't been updated beyond what RFC 7525 says, so I'm
going to wait and see what those updates say before I decide if I can
support the change.

				Ned

v2.23.0 | Report a Bug | By Email