On Sat, Jul 25, 2015 at 03:00:54PM -0400, Dave Garrett wrote:

> On Saturday, July 25, 2015 01:18:49 pm Viktor Dukhovni wrote:
> > I would go further, and say that "prohibiting RC4" in any sense
> > that is more than prohibiting its use as the final outcome of a
> > handshake would be a rather counter-productive strategy.
> >
> > Servers and clients are strongly encouraged to not choose it, but
> > to reject connections from peers that offer it for interoperability
> > with others would just create a mess that would be operationally
> > challenging. RC4 is dying, just let it fade away into insignificance.
>
> I agree. The current draft language of not offering or negotiating
> RC4 is fine, as-is. My proposal of stopping tolerance of garbage
> suite offers is just for <112-bit junk.

If you mean the export suites plus the non-export single-DES suites
(these are the only suites that I know to meet the above criterion), and
the idea is to refuse client connections when these are offered,
that's still rather aggressive. Is that really necessary?

The browsers will disable these through software updates, consumers
don't configure browser cipher suites. For non-browser applications,
a lot of administrators would face mostly unnecessary interoperability
issues and would have to reconfigure client systems to disable cipher
suites already disabled on the server end. Is the benefit worth
the cost? They'll upgrade their systems to ones that don't implement
these features in due course without duress.

-- 
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls