On Thu, Jul 23, 2015 at 11:43:45AM -0400, Dave Garrett wrote:

> Right now, the restrictions section prohibits:
> RC4, SSL2/3, & EXPORT/NULL entirely (via min bits)
> and has "SHOULD" use TLS 1.3+ compatible with TLS 1.2, if available

So much for using NULL ciphers for client-server authentication on
loopback interfaces. :-(

Surely, in at least some cases, making it harder to make mistakes needs
to be addressed in toolkit and application interfaces, not the protocol.
Removing weak algorithms that serve the same use-cases poorly is fine,
but removing non-traditional use-cases is perhaps too drastic.

> Plus, "MUST" use DHE or ECDHE for ALL connections, even back to TLS 1.0,
> or abort with a fatal error.

Who's going to police the Internet to remove all the legacy services?

> By the way, even IE6 on XP supports DHE.

But not Exchange Server 2003, and various Windows-based email gateway
appliances.

> If we actually have to care about IE on XP, we could state an exception
> that the only non-PFS cipher suite to be permitted on servers for
> backwards compatibility is TLS_RSA_WITH_3DES_EDE_CBC_SHA.

Exchange 2003 has a broken 3DES implementation. The only working
ciphersuites are RC4-SHA/RC4-MD5.

And there are surely plenty of legacy systems that are neither HTTPS nor
email. It sure sounds like the radical surgery is largely for HTTPS, and
should be implemented in web servers and clients, not the TLS protocol.

-- 
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
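The restrictions argued over in this exchange (no RC4, no NULL/EXPORT via a minimum key-size rule, and a MUST for DHE/ECDHE with a possible per-suite legacy exception) can be written down as a checker that runs over a server's configured cipher list and reports which suites would have to go. The block below is an added example for this page, not code from the thread, from the draft under discussion, or from any IETF document. It assumes a 112-bit minimum for the "min bits" rule, treats 3DES at its 112-bit effective strength, and carries a small hand-written map from the OpenSSL short names used in the thread (RC4-SHA, RC4-MD5, DES-CBC3-SHA, NULL-SHA) to IANA suite names; the sample server configuration at the bottom is constructed.

```python
"""Cipher-suite policy checker modelled on the restrictions discussed above.

Added illustration only; not from the thread or from any IETF draft.
Values marked 'assumed' are this example's choices, not the draft's text.
"""
import re

# OpenSSL short names that appear in the thread, mapped to IANA names.
OPENSSL_ALIASES = {
    "RC4-SHA": "TLS_RSA_WITH_RC4_128_SHA",
    "RC4-MD5": "TLS_RSA_WITH_RC4_128_MD5",
    "DES-CBC3-SHA": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "NULL-SHA": "TLS_RSA_WITH_NULL_SHA",
    "ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

# Bulk-cipher token (the part after _WITH_) -> key length in bits.
# Order matters: longer tokens such as RC4_40 are tested before RC4_128.
# 3DES is listed at its 112-bit effective strength (assumed).
CIPHER_BITS = [
    ("NULL", 0), ("RC4_40", 40), ("RC4_56", 56), ("RC4_128", 128),
    ("DES40", 40), ("DES_CBC", 56), ("3DES_EDE", 112),
    ("AES_128", 128), ("AES_256", 256), ("CHACHA20", 256),
    ("CAMELLIA_128", 128), ("CAMELLIA_256", 256),
]

MIN_BITS = 112  # assumed threshold for the "via min bits" rule


def parse_suite(name):
    """Split an IANA (or known OpenSSL) suite name into kex and bulk cipher."""
    name = OPENSSL_ALIASES.get(name, name)
    m = re.fullmatch(r"(?:TLS|SSL)_(.+?)_WITH_(.+)", name)
    if not m:
        raise ValueError("unrecognised suite name: %s" % name)
    kex, rest = m.group(1), m.group(2)
    for token, bits in CIPHER_BITS:
        if rest.startswith(token):
            return {"name": name, "kex": kex, "cipher": token, "bits": bits}
    raise ValueError("unknown bulk cipher in %s" % name)


def violations(name, legacy_exceptions=()):
    """Return the rules a suite breaks under the proposed restrictions.

    Rules, following the wording quoted in the thread:
      - no RC4
      - no NULL and no EXPORT: bulk cipher below MIN_BITS, or an EXPORT kex
      - key exchange MUST be DHE or ECDHE, unless the exact suite is on an
        explicit legacy exception list (the TLS_RSA_WITH_3DES_EDE_CBC_SHA idea)
    An exception relaxes only the forward-secrecy rule, never the other two,
    which is why an RC4-only peer cannot be accommodated this way.
    """
    s = parse_suite(name)
    found = []
    if s["cipher"].startswith("RC4"):
        found.append("RC4")
    if s["bits"] < MIN_BITS or "EXPORT" in s["kex"]:
        found.append("NULL/EXPORT")
    if not (s["kex"].startswith("DHE_") or s["kex"].startswith("ECDHE_")):
        if s["name"] not in legacy_exceptions:
            found.append("no-PFS")
    return found


def filter_config(suites, legacy_exceptions=()):
    """Split a configured suite list into (accepted, {rejected: reasons})."""
    accepted, rejected = [], {}
    for name in suites:
        canonical = parse_suite(name)["name"]
        bad = violations(name, legacy_exceptions)
        if bad:
            rejected[canonical] = bad
        else:
            accepted.append(canonical)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: a mail server that still has to talk to the
    # legacy peers named in the thread, with Dave's 3DES exception granted.
    configured = ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                  "DES-CBC3-SHA", "RC4-SHA", "NULL-SHA"]
    ok, bad = filter_config(configured,
                            legacy_exceptions=("TLS_RSA_WITH_3DES_EDE_CBC_SHA",))
    print("accepted:", ok)
    for suite, reasons in bad.items():
        print("rejected:", suite, "->", ", ".join(reasons))
```

Running the sample shows the two situations the reply raises: the loopback NULL suite and the RC4-only Exchange 2003 suites are rejected outright, because the exception list can only waive the forward-secrecy requirement, while the 3DES suite survives only because it was named explicitly.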