Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
Eric Rescorla <ekr@rtfm.com> Mon, 04 May 2020 13:31 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 342853A088A for <uta@ietfa.amsl.com>; Mon, 4 May 2020 06:31:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OluPpf6TGg9A for <uta@ietfa.amsl.com>; Mon, 4 May 2020 06:31:32 -0700 (PDT)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23D773A088D for <uta@ietf.org>; Mon, 4 May 2020 06:31:32 -0700 (PDT)
Received: by mail-lj1-x231.google.com with SMTP id f11so9694856ljp.1 for <uta@ietf.org>; Mon, 04 May 2020 06:31:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fc0iDx6pBi+YKg3gjFt0dRCLE6yoqmyAyFwJ+kgbXkE=; b=Pr3M8kRs0xPoVv63ixTnPNEOk5i766eFyRtvbowB1iDZbovwuQIIeRAE81tOloeAS/ ZSZZI1NMZnVKi7qhVV9ei7ec0QKJQnG0yC+pv52nB3wL65/4e4CF7vbWBb+kga0mmAJ+ 1yqMIyaBiaxIWAypwwdbOQUcuMJyXwPKANhG6XVJ6OpS9uHpCbqR585wAJs7i27iwDhT 0OgONcr7ucpIsx7mq7s+YT/z+nrAeMGb9pstpvEuRzKF243UKTD36nBAHScnh+WqL5qw 8nPd34nxqMPppAp4iJwi4W0ESu447mBnv733cQ8OiqlKwHkbhmNIfHzS85DWOTGSdpku 9zPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fc0iDx6pBi+YKg3gjFt0dRCLE6yoqmyAyFwJ+kgbXkE=; b=cETFgwZiRAo/dm1exTjSP2Ey8qKnxHVokY4iZh2LLesGw8iVEUgZl8hbQ9Vmt7d0Zp aVP0ZBdYZxSUlRVJm2Kw1a6D/32h3V3SRSUXb20Ho0V5tFUN93Xcf7sYwue1w8R5dS3P 6QEaGoZihnvp1Oj1eEFw5uuR3J62gHUEON6tOKOFnqkI639E/lGR1nVxyad8boUpY9pB qo879bKJ7GIxIeAmfBstcj/cVEouz+CGHJkzMUVc1CS8eIwXkkGE62zx6a17EQKUQJVl 6A/lDoMMhYTNjZf3efIwdWjekVHWQHMrMmW3uDqyTnnNyklComV9kqoBVUu0Se4G3Jes e8Dw==
X-Gm-Message-State: AGi0PuaEzoDESH8ZVA6yJPgw9mf6ULZOlalox/Ei99rgEaCkBpqdsFGe O4IeDo/VVJQ0hlOt0yK2yMJtB0/kbOpZwbHVu02JgA==
X-Google-Smtp-Source: APiQypI4LRMWxiDuvrTepWQ0aa4kyqB5nPyaRg8Ke7amru3evOV+J6gIrkJPdHDaYND5yOqB1Vl8a5woRjLmjhxgiXQ=
X-Received: by 2002:a2e:9dcd:: with SMTP id x13mr9822142ljj.120.1588599090255; Mon, 04 May 2020 06:31:30 -0700 (PDT)
MIME-Version: 1.0
References: <004801d61bae$08a61590$19f240b0$@smyslov.net> <1UW7qWO4vA.17rUXhBMkf8@pc8xp> <CAEKAoHTJ4S5Wfkb4KB+ZWQN7JO_Q-DXDcEz5pqd7MPMhyj_CDQ@mail.gmail.com> <1UW7rcJSVn.1ewl1Eq5e3S@pc8xp> <CABcZeBMPRDsJ9rbffk2K76HQk9f3c=dZKCPy+0y12YHQ+-9+AA@mail.gmail.com> <1UW9CaTYGG.2cwcof6jEuv@pc8xp>
In-Reply-To: <1UW9CaTYGG.2cwcof6jEuv@pc8xp>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 04 May 2020 06:30:53 -0700
Message-ID: <CABcZeBPKRqhepo9KPpfT4+MFK8hcYdmdnT0Lw-Xd4=VYNteMRg@mail.gmail.com>
To: tom petch <daedulus@btconnect.com>
Cc: Ralph Holz <ralph.holz@gmail.com>, "uta@ietf.org" <uta@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000772e5305a4d28cff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/tEGeD5S3iJgZdnIot209NrwuT-Y>
Subject: Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2020 13:31:34 -0000
> On Tue, Apr 28, 2020 at 1:41 AM tom petch <daedulus@btconnect.com> wrote: > It's worth noting that to the extent that this is a requirement, it is > already violated by any installation which is compliant with RFC > 7525. The auditing techniques in question depend un using static RSA > cipher suites, but 7525 > https://tools.ietf.org/rfcmarkup?doc=7525#section-4.1 *already* > prohibits those at the SHOULD level and requires forward that forward > secure cipher suites be implemented and preferred at the MUST level: > > > o Implementations SHOULD NOT negotiate cipher suites based on RSA > key transport, a.k.a. "static RSA". > > Rationale: These cipher suites, which have assigned values > starting with the string "TLS_RSA_WITH_*", have several drawbacks, > especially the fact that they do not support forward secrecy. > > o Implementations MUST support and prefer to negotiate cipher suites > offering forward secrecy, such as those in the Ephemeral Diffie- > Hellman and Elliptic Curve Ephemeral Diffie-Hellman ("DHE" and > "ECDHE") families. > > Rationale: Forward secrecy (sometimes called "perfect forward > secrecy") prevents the recovery of information that was encrypted > with older session keys, thus limiting the amount of time during > which attacks can be successful. See Section 6.3 for a detailed > discussion. > > <tp> > Yes and it is a SHOULD not a MUST. Well, there is actually both a SHOULD and a MUST. Therefore any two 7525-compliant endpoints will negotiate a PFS algorithm (because of the MUST). Any 7525-compliant endpoint SHOULD NOT negotiate a non-PFS algorithm even with a (non-7525-compliant) peer which only supports that, though, as you say, that's only at SHOULD. As far as I can tell, any proposed TLS 1.3 requirement would have no impact on this (at least for existing protocols w/o TLS bindings) in that it would most likely require TLS 1.3 support/preference as MUST, but as you could still do TLS 1.2, you would have the same outcome matrix wrt PFS as you have now, Now, it's possible that a 7525-bis could forbid static RSA at the MUST level (and I think there's a reasonable argument for this) but that's a distinct question from updating it to include TLS 1.3. > I see TLS 1.3 as emphasising privacy > at a time when the world at large is waking up to the abuses that that > enables. I don't think it's useful to engage on the broader political question -- although I don't really agree with this -- but this feature is not primarily about privacy, but rather about security. There is wide consensus that modern protocols should have PFS and there was even back when 7525 was written (hence the text I quoted above). TLS 1.3 is just following the consensus in that respect. > As others have said, beyond adding a 'bis' this I-D seems devoid of > anything new and so, to me, seems too risky to adopt. It is a blank > slate. This seems like a misguided process objection. It's not uncommon in WGs to first agree to do a bis with a list of proposed changes, and then start with an unchanged version of the original document, adding one change at a time. The WG's agreement to adopt the document doesn't imply consensus for any particular change or the final document, and there will be plenty of opportunity to object to any specific text. -Ekr
- [Uta] Adoption call for draft-sheffer-uta-rfc7525… Valery Smyslov
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Stephen Farrell
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… John R. Levine
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… tom petch
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Alexey Melnikov
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Ralph Holz
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Alexey Melnikov
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Peter Saint-Andre
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Alexey Melnikov
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… John Levine
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… tom petch
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Ralph Holz
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Sean Turner
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Keith Moore
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… ned+uta
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Keith Moore
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Peter Saint-Andre
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Keith Moore
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Jeremy Harris
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Keith Moore
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… John Levine
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Peter Gutmann
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Keith Moore
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Peter Gutmann
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… tom petch
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Valery Smyslov
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Eric Rescorla
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… John Levine
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Jim Fenton
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Keith Moore
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Peter Saint-Andre
- Re: [Uta] Adoption call for draft-sheffer-uta-rfc… Valery Smyslov