On 1/3/2014 2:04 PM, Julien Vehent wrote:
On 2014-01-03 12:58, ianG wrote:
On 3/01/14 19:24 PM, Julien Vehent wrote:
On 2014-01-02 18:59, ianG wrote:
On 3/01/14 01:06 AM, Julien Vehent wrote:


3DES isn't broken.


No, but it is end of life.  112bit security for the 2key variant, and
an 8 byte block makes it just old.  If you've got AES there, use it.
Who hasn't got it?

See https://wiki.mozilla.org/Security/Server_Side_TLS#RC4_weaknesses
"Internet Explorer uses the cryptographic library “schannel”, which is
OS dependent. schannel supports AES in Windows Vista, but not in Windows
XP."


Right, Windows XP.  Which is end of life.

Microsoft killing support for a product isn't the same thing as people throwing away their computers.

Or, are you implying that because Microsoft is ending the life of XP, we should feel comfortable disconnecting these people from the internet? I'm not sure what they did to deserve that, except spending thousands of dollars on a computer years ago.



Hmmm..  Are the Chinese blocked from stronger crypto?

According to http://www.modern.ie/ie6countdown:
  * 22.2% of China uses IE6
  * 4.9% of users worldwide use IE6


Thanks for that! More end of life. And DJB says it's worse, we've retrograded to about 50% RC4 usage.


Apples and oranges. Some website owners prefer RC4 for various reasons, but it's different from what clients can actually negotiate. Even if all website owners update their ciphersuite tomorrow, that won't replace the millions of computers that are stuck on RC4 and 3DES.

I believe that our job, as security professionals, is to provide the
best security to everyone.


That is Mozilla's mission. It provides its products to everyone. Which naturally means it cannot and does not provide the 'best security' to every person, rather it provides the best 'security for everyone'.

Different story -- one moves security up, at the expense of users, the other keeps users happy, but puts security on a race to the bottom.


Not only to the people that have a better
access to technology.
This is consistent with Mozilla's mission.

Absolutely! I'm well familiar with how the monolith of Mozilla's mission casts a shadow over security.

BetterCrypto however is seeking ... *better crypto*. And that is a different goal. Different users, different tradeoffs.

Where the two groups part company is on bad crypto. If IE6 and XP users have bad crypto, then BetterCrypto is not for them.

So we won't disable old
crypto algorithms because the security community admits that they are
bad. We have to live with them.


Sure. And to some extent I don't disagree -- K6 speaks to ease of use and availability; it is the number one, dominating law for security.

But the enemy of cryptography is time; what was secure then is not now. It doesn't take much to deal with it, but unfortunately the powers that be SSL have fiddled around adding more and not chopping away. Always because someone wants to keep it around.



This is a rock and a hard place. The rock of upgrading has met the hard place of legacy users.

Where this goes from here is tension: BetterCrypto and groups like it will continue to deprecate those ciphers. Users will start to suffer. Users will complain. Mozilla and browsers and so forth will cop the brunt of the suffering. Very unfair.

But meanwhile the fix is in. And if there is one thing we do know, the juggernaut of SSL/IETF/PKIX/CABForum/OpenSSL/NSS/NIST/Sun/ and a dozen other acronyms I've forgotten ... are not going to push on this front. They are going to do what they always do: act as if every old cipher is like a limb, squealing and moaning at the thought that it is going to be cut off, all the while salivating at the chance to add another cipher suite, more, moar!

:) Prove me wrong! See how long it takes to get any of those groups of power to announce an end of life for RC4. Or 3DES. Bloody Android is still using MD5, last I heard...



BetterCrypto *has to lead* because everyone else is following each other in a big circle.



iang


I'm not sure what, in my message, triggered such a strong reaction. As I said in a previous email:

"""
1. I think it's great to have two guides with divergent points of view. I'm mostly interested in discussing design choices, because these discussions are useful. I'm not interested in convincing the ACH group that one recommendation is better than the other, since it completely depends on the context.
"""

If anyone has a secret sauce to replace all of the ancient software out there with newer software that supports TLS1.2, OCSP Stapling and so on, I'm 200% up for it. In the meantime, it's important that users can reach mozilla.org from IE6, so that they can install Firefox and enjoy stronger security.

- Julien

If I may weigh in, one could certainly argue that there isn't any benefit in allowing these people to believe that their HTTPS connections are actually secure when they're using ciphers that we know to be broken (how much we know them to be broken is certainly up for debate).

People can still go to whatever site they want even if they can't use HTTPS, as long as the site is available over HTTP.

I wouldn't bother actually dropping support for a cipher suite until it can be trivially broken, though, as that is the point at which it has no value. Anything else is excessively heavy-handed.

--FalconK
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
