Re: [Uta] [Last-Call] [art] Artart last call review of draft-ietf-uta-rfc7525bis-09

Benjamin Kaduk <kaduk@mit.edu> Tue, 02 August 2022 02:30 UTC

Date: Mon, 01 Aug 2022 19:30:05 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Cullen Jennings <fluffy@iii.ca>
Cc: Peter Saint-Andre <stpeter@stpeter.im>, draft-ietf-uta-rfc7525bis.all@ietf.org, "art@ietf.org" <art@ietf.org>, last-call@ietf.org, uta@ietf.org
Message-ID: <20220802023005.GR30255@kduck.mit.edu>
References: <165728991008.45773.10659091812976572509@ietfa.amsl.com> <4c7fcbfe-5055-d33d-e1d1-27e85592551a@stpeter.im> <A0DD6035-C9D1-4FEC-A5E7-7D95FFC55602@iii.ca> <9c9922a8-93b5-611f-6433-dbac122dcc4f@stpeter.im> <e7b17bbe-0b6b-2a54-2100-b220a9afa92e@stpeter.im> <B186BFAC-6584-4395-837E-C8F09FE6AEC7@iii.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/XHG3oK91RaRS-ii2M-C7AS1M0RU>

On Mon, Aug 01, 2022 at 02:58:08PM -0600, Cullen Jennings wrote:
> 
> 
> > On Jul 30, 2022, at 1:40 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:
> > 
> > Hi again,
> > 
> > The authors have conferred on this and at this time we don't think that we can recommend anything other than EC ciphers, for several reasons:
> > 
> > 1. DHE negotiation is broken.
> 
> Perhaps a bit more explanation in the draft about the issues with DHE-RSA (in the context of 7919) would help. I was under the perhaps mistaken perception that RFC 7919 was not subject to the Raccoon attack and that there were mitigations for the Raccoon timing attacks. Given the reliance on a single class of algorithms, I think it would be worth highlighting the risks and providing good info on why alternatives don’t work.

This was discussed in the TLS session at 114, as it happens;
https://zulip.ietf.org/#narrow/stream/140-tls/topic/jabber/near/21527 has
some links to previous mailing list discussions of the deployment issues
that make RFC 7919 unusable in practice.

>  
> > 
> > 2. Static RSA is out of the question.
> 
> I agree but would prefer that was phrased as "things that don’t provide PFS are out of the question", not that RSA is not usable. I see lots of confusion of those two. I will note that, if EC was broken by quantum or optical computers but RSA was not, I’m pretty sure I would be switching to something with no PFS vs something that was broken.

Yup.

-Ben
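The distinction Cullen draws above (RSA used for authentication is fine; static RSA key exchange lacks forward secrecy) is mechanical enough to check from IANA cipher suite names. The following is an added example, not code from the thread, the draft or any implementation; it assumes the standard IANA naming pattern `TLS_<kx>[_<auth>]_WITH_<cipher>` for TLS 1.2 suites and treats TLS 1.3 suites as always ephemeral, since (EC)DHE is mandatory there.

```python
"""Classify TLS cipher suites by key-exchange family and forward secrecy.

Constructed example: suite names are parsed with a regex over the IANA
naming convention. The verdict follows the thread's criterion (forward
secrecy, not the mere presence of "RSA" in the name) and flags finite-field
DHE because of the RFC 7919 deployment problems discussed above.
"""
import re

# TLS 1.3 suites carry no key-exchange token: ephemeral (EC)DHE is mandatory.
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
                "TLS_AES_128_CCM_8_SHA256"}

# Key-exchange token at the front of a TLS 1.2 suite name, optionally followed
# by the authentication algorithm, then "WITH_<cipher>". Longer tokens come
# first in each alternation so "ECDHE" is not read as "ECDH" + junk.
_SUITE_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE|DHE|ECDH|DH|RSA_PSK|RSA|PSK)"
    r"(?:_(?P<auth>RSA|ECDSA|DSS|PSK|anon))?_WITH_(?P<cipher>.+)$")

EPHEMERAL_KX = {"ECDHE", "DHE"}   # a fresh (EC)DH key per handshake


def classify(suite: str) -> dict:
    """Return key exchange, authentication and forward-secrecy facts for a suite."""
    if suite in TLS13_SUITES:
        return {"kx": "(EC)DHE", "auth": "certificate",
                "forward_secret": True, "cipher": suite[4:]}
    m = _SUITE_RE.match(suite)
    if not m:
        raise ValueError(f"unrecognised suite name: {suite}")
    kx, auth = m["kx"], m["auth"]
    if auth is None:
        # TLS_RSA_WITH_... and TLS_PSK_WITH_...: the key exchange is the auth.
        auth = kx
    return {"kx": kx, "auth": auth,
            "forward_secret": kx in EPHEMERAL_KX, "cipher": m["cipher"]}


def verdict(suite: str) -> str:
    """Rate a suite on forward secrecy rather than on whether RSA appears."""
    c = classify(suite)
    if c["auth"] == "anon":
        return "reject: unauthenticated key exchange"
    if not c["forward_secret"]:
        return f"reject: static {c['kx']} key exchange, no forward secrecy"
    if c["kx"] == "DHE":
        return "caution: finite-field DHE, see the RFC 7919 deployment issues"
    return f"ok: ephemeral {c['kx']} key exchange, {c['auth']} authentication"
```

Note that `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` is rated "ok" while `TLS_RSA_WITH_AES_128_GCM_SHA256` is rejected, even though both use RSA: only the key-exchange position decides forward secrecy.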