Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

Eric Rescorla <ekr@rtfm.com> Fri, 01 May 2020 21:46 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 01 May 2020 14:45:35 -0700
Message-ID: <CABcZeBMPRDsJ9rbffk2K76HQk9f3c=dZKCPy+0y12YHQ+-9+AA@mail.gmail.com>
To: tom petch <daedulus@btconnect.com>
Cc: Ralph Holz <ralph.holz@gmail.com>, "uta@ietf.org" <uta@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, Valery Smyslov <valery@smyslov.net>, Peter Saint-Andre <stpeter@mozilla.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/YdNFssnqW0lkrUjr4xyZt0d8vnM>
Subject: Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

On Tue, Apr 28, 2020 at 1:41 AM tom petch <daedulus@btconnect.com> wrote:

> One requirement that was raised in the later stages of the work on TLS 1.3
> related to audit, and was raised, I think, by representatives of the
> finance industry; the WG rejected the requirement.


It's worth noting that to the extent that this is a requirement, it is
already violated by any installation which is compliant with RFC 7525. The
auditing techniques in question depend on using static RSA cipher suites,
but 7525 https://tools.ietf.org/rfcmarkup?doc=7525#section-4.1 *already*
prohibits those at the SHOULD level and requires that forward
secure cipher suites be implemented and preferred at the MUST level:

   o  Implementations SHOULD NOT negotiate cipher suites based on RSA
      key transport, a.k.a. "static RSA".

      Rationale: These cipher suites, which have assigned values
      starting with the string "TLS_RSA_WITH_*", have several drawbacks,
      especially the fact that they do not support forward secrecy.

   o  Implementations MUST support and prefer to negotiate cipher suites
      offering forward secrecy, such as those in the Ephemeral Diffie-
      Hellman and Elliptic Curve Ephemeral Diffie-Hellman ("DHE" and
      "ECDHE") families.

      Rationale: Forward secrecy (sometimes called "perfect forward
      secrecy") prevents the recovery of information that was encrypted
      with older session keys, thus limiting the amount of time during
      which attacks can be successful.  See Section 6.3 for a detailed
      discussion.




> Since then, I have seen suggestions on the TLS and other lists, and in the
> press, about the development of alternative protocols to meet the
> requirements that TLS 1.3 does not.


Yes, I'm aware of at least one of those efforts (eTLS), however so far it
seems to have only minimal adoption. At least in the Web environment, I am
unaware of any browser or server which is interested in implementing it.

-Ekr
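
Added example (not part of the original message or of RFC 7525): a small Python check of a server's cipher-suite preference list against the two Section 4.1 rules quoted above. The sample lists are constructed, and two choices are assumptions of this sketch: "prefer" is read as "every DHE/ECDHE suite is ordered ahead of every other suite", and only TLS 1.2-style IANA names (`TLS_<kx>_WITH_...`) are classified.

```python
import re

# IANA names for TLS 1.2 and earlier: TLS_<key exchange>_WITH_<cipher>_<hash>.
# TLS 1.3 names carry no key exchange and are reported as "unknown" here.
SUITE_RE = re.compile(r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_")

def key_exchange_class(suite):
    """Classify one suite by the key exchange encoded in its IANA name."""
    m = SUITE_RE.match(suite)
    if not m:
        return "unknown"
    kx = m.group("kx")
    if kx == "RSA":                       # the "TLS_RSA_WITH_*" family
        return "static_rsa"
    if kx.startswith(("DHE_", "ECDHE_")):
        return "forward_secret"
    return "other"                        # e.g. DH_*, ECDH_*, PSK

def audit(preference):
    """Check a preference-ordered suite list against the quoted rules."""
    classes = [key_exchange_class(s) for s in preference]
    fs = [i for i, c in enumerate(classes) if c == "forward_secret"]
    rest = [i for i, c in enumerate(classes) if c != "forward_secret"]
    return {
        # SHOULD NOT negotiate: any static RSA suite that is still enabled
        "static_rsa": [s for s, c in zip(preference, classes) if c == "static_rsa"],
        # MUST support forward secrecy
        "supports_fs": bool(fs),
        # MUST prefer forward secrecy (strict ordering, assumption of this sketch)
        "prefers_fs": bool(fs) and (not rest or max(fs) < min(rest)),
    }

# Constructed sample configurations (not taken from any real server).
LEGACY = ["TLS_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_RSA_WITH_AES_256_CBC_SHA"]
FALLBACK = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_128_GCM_SHA256"]
COMPLIANT = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
             "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("fallback", FALLBACK),
                      ("compliant", COMPLIANT)):
        print(name, audit(cfg))
```

The `FALLBACK` list meets both MUST-level rules while still carrying a SHOULD NOT finding, which is the distinction between the two requirement levels drawn in the message.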