Re: [Uta] On prohibiting RC4
Andrei Popov <Andrei.Popov@microsoft.com> Mon, 10 March 2014 17:46 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D73BA1A04B9 for <uta@ietfa.amsl.com>; Mon, 10 Mar 2014 10:46:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sEfTvBuAipQi for <uta@ietfa.amsl.com>; Mon, 10 Mar 2014 10:46:30 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0144.outbound.protection.outlook.com [207.46.163.144]) by ietfa.amsl.com (Postfix) with ESMTP id 316D71A0658 for <uta@ietf.org>; Mon, 10 Mar 2014 10:46:29 -0700 (PDT)
Received: from BL2PR03MB419.namprd03.prod.outlook.com (10.141.92.18) by BL2PR03MB340.namprd03.prod.outlook.com (10.141.68.24) with Microsoft SMTP Server (TLS) id 15.0.898.11; Mon, 10 Mar 2014 17:46:18 +0000
Received: from BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) by BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) with mapi id 15.00.0893.001; Mon, 10 Mar 2014 17:46:18 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>, Alyssa Rowan <akr@akr.io>, "uta@ietf.org" <uta@ietf.org>
Thread-Topic: [Uta] On prohibiting RC4
Thread-Index: Ac8564QKs0rdCOVSTiywj6IZRlSaLAADiv8AAAJlVQAADIaAwAAXGvOAAHzKQoA=
Date: Mon, 10 Mar 2014 17:46:18 +0000
Message-ID: <e6d79d13f1f44397a88cde3d3ea76879@BL2PR03MB419.namprd03.prod.outlook.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C711FB9AAD73@USMBX1.msg.corp.akamai.com> <5319AF96.7000407@akr.io> <2A0EFB9C05D0164E98F19BB0AF3708C711FB9AADD7@USMBX1.msg.corp.akamai.com> <147c6c280e2044ac97624762410872ff@BL2PR03MB419.namprd03.prod.outlook.com> <531AAEC7.4060409@gmail.com>
In-Reply-To: <531AAEC7.4060409@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:ed31::3]
x-forefront-prvs: 014617085B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(13464003)(24454002)(164054003)(377454003)(51704005)(479174003)(199002)(189002)(4396001)(80976001)(74366001)(81542001)(74316001)(46102001)(50986001)(47976001)(76482001)(47736001)(80022001)(97186001)(53806001)(69226001)(83322001)(19580405001)(19580395003)(54316002)(56776001)(49866001)(54356001)(65816001)(74706001)(20776003)(95666003)(51856001)(93136001)(33646001)(56816005)(90146001)(59766001)(81342001)(94946001)(83072002)(93516002)(87266001)(81816001)(31966008)(76796001)(87936001)(76576001)(92566001)(74662001)(74876001)(94316002)(77982001)(74502001)(2656002)(95416001)(47446002)(81686001)(86612001)(85306002)(97336001)(79102001)(86362001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BL2PR03MB340; H:BL2PR03MB419.namprd03.prod.outlook.com; FPR:4E7CF3DF.94F2D981.FDDF7163.46EBF0C9.20407; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (: microsoft.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/WZM1KFxhXGv2Hd_i3xDT_GhvGFY
Subject: Re: [Uta] On prohibiting RC4
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Mar 2014 17:46:33 -0000
Hi Yaron, You are right in saying that browser re-connects are insecure, and that an active attacker can cause the browser to re-connect with RC4 enabled. While in our experiments at the time, this re-connect behavior drastically reduced the use of RC4 with IE, the ultimate solution is to never negotiate RC4 with TLS, which is the purpose of the Internet-Draft we're discussing. The entire world certainly won't eliminate RC4 overnight, but I believe that it makes sense to do regular housekeeping and remove known broken crypto from current RFCs. Cheers, Andrei -----Original Message----- From: Yaron Sheffer [mailto:yaronf.ietf@gmail.com] Sent: Friday, March 7, 2014 9:47 PM To: Andrei Popov; Salz, Rich; Alyssa Rowan; uta@ietf.org Subject: Re: [Uta] On prohibiting RC4 Hi Andrei, I'm not sure I understand your response. The way I parse it, in *today's* Internet, assuming we never want to resort to cleartext, what would work is: - Client initiates handshake #1 without RC4. - Server (sometimes, if it's old) fails the handshake. This failure is unauthenticated, which means it can be forced by an attacker. - client fallbacks to handshake #2 with RC4 (which by the way, is disallowed by the draft). - Server's happy. IMHO this would only complicate fallback logic (which in an ideal world we should have gotten rid of) without improving security. If we're saying MUST NOT we must be able to stand behind it. If we can't, let's try to craft more nuanced language. The current draft would fail the connection and thereby fallback to cleartext if the client only offers RC4. Even if such clients are rare, this is still a grave mistake IMO. Thanks, Yaron On 03/07/2014 09:22 PM, Andrei Popov wrote: >> It depends on what you're concerned about. From a global view, I'm concerned about perpass. From a commercial view, I'm perhaps more worried about my customers getting through to me. > > Are you dealing with a significant number of RC4-only TLS clients? When we tried to disable RC4 altogether here at MS, the issues we ran into were mostly with the TLS servers that would not speak anything but RC4 (not just web servers, but other applications such as e-mail). We were nevertheless able to have IE not offer RC4 on the initial connection attempt. > > If adopted, the RC4 deprecation draft would hopefully send a strong message to the industry and help us phase out RC4 sooner. > > Cheers, > > Andrei >
- Re: [Uta] On prohibiting RC4 Alyssa Rowan
- [Uta] On prohibiting RC4 Salz, Rich
- Re: [Uta] On prohibiting RC4 Alyssa Rowan
- Re: [Uta] On prohibiting RC4 Salz, Rich
- Re: [Uta] On prohibiting RC4 Salz, Rich
- Re: [Uta] On prohibiting RC4 Alyssa Rowan
- Re: [Uta] On prohibiting RC4 Andrei Popov
- Re: [Uta] On prohibiting RC4 Franck Martin
- Re: [Uta] On prohibiting RC4 Joe St Sauver
- Re: [Uta] On prohibiting RC4 Yaron Sheffer
- Re: [Uta] On prohibiting RC4 Martin Thomson
- Re: [Uta] On prohibiting RC4 Yaron Sheffer
- Re: [Uta] On prohibiting RC4 Martin Thomson
- Re: [Uta] On prohibiting RC4 Andrei Popov