+1 for what Aaron writes: weak algorithms must go. Else we can just stop the entire enterprise of writing a BCP and break for tea and biscuits.
I think, in the context of this BCP, which is forward-looking, it is reasonable to say all else weak crypto MUST go, and especially RC4. OE/OS is still free to fall back to anything unauthenticated/unencrypted that may still linger around, but even OE/OS should be happy to get newer algorithms.

On 14 October 2014 13:56, Aaron Zauner <[email protected]> wrote:
> Hi Viktor,
>
> I disagree with a couple of points you make:
>
> * Viktor Dukhovni <[email protected]> [141014 10:30]:
> > And in particular the "MUST NOT" for RC4 is also inapplicable with
> > opportunistic TLS.
> >
> > [...]
> >
> > 3. SSL Protocol version recommendations.
> >
> > Once again with unauthenticated opportunistic TLS even SSL 3.0 or
> > TLS 1.0 is (much) better than cleartext. So the MUST NOT SSL 3.0
> > and SHOULD NOT TLS 1.0 are too strong.
>
> So once again we have the whole 'opportunistic' discussion. I
> strongly disagree that both should be changed from MUST NOT to a
> SHOULD NOT or even something less. The whole point should be to
> deprecate SSLv3 and RC4 as soon as possible, no matter what. I do
> not think it does matter if the WG sees 'opportunistic' encryption
> as sufficient - both have to go. They are a real world security
> threat. In particular downgrade attacks on unauthenticated TLS
> will enable less-than-optimal security for server and client with
> SSLv3 and might enable various attack vectors. For example, the
> recent virtual host confusion attack [0] relies on this fact. I'm sure
> there are other attacks. If we're talking 'opportunistic' again: as
> far as I can remember SSLv3 is susceptible to replay attacks on
> anonymous Diffie-Hellman [1].
>
> As said, I think we should deprecate RC4 and SSLv3 ASAP.
>
> I'm happy that Google does practically the same thing with
> deprecating SHA1: once their browser and Android devices will issue
> a warning, every snakeoil CA needs to act or will lose customers.
> Sometimes you have to push to get good security widely deployed.
>
>
> Aaron
>
> [0] - http://bh.ht.vc/
> [1] - https://www.schneier.com/paper-ssl.pdf
>
> _______________________________________________
> Uta mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/uta
