On 12/2/14, 10:55 AM, Yaron Sheffer wrote:
This document is not an application profile standard, in the sense of
Section 9 of [RFC5246]. As a result, clients and servers are still
REQUIRED to support the mandatory TLS cipher suite,
TLS_RSA_WITH_AES_128_CBC_SHA.
A BCP defining cipher suite recommendations should not have a higher
level of requirement for TLS_RSA_WITH_AES_128_CBC_SHA than it has for
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, at least. I think it is OK to just
say that the TLS specification was wrong to mandate
TLS_RSA_WITH_AES_128_CBC_SHA, or don't mention it at all.
I don't know if RFC 5246 was *wrong*, but the situation on the
ground has changed since 2008.
I was wondering about the above as well. I think your document is
updating MTI or at least narrowing down recommended choices, and
CBC_SHA is not one of them. So deleting the two sentences quoted
above is the best.
And in fact the text currently says:
This document is not an application profile standard, in the sense of
Section 9 of [RFC5246]. As a result, clients and servers are still
REQUIRED to support the mandatory TLS cipher suite,
TLS_RSA_WITH_AES_128_CBC_SHA.
So I'd agree with Yaron here.
IMHO, a distinction without a difference. Anybody complying with your
spec will need to implement a larger set of ciphers, so you are
effectively extending the MTI list.
Which reminds me of something else: some application protocols specify
explicit MTI TLS ciphers, which are different from the above. So now
that I thought about that, I really dislike the paragraph you quoted
above. So maybe change it to something more neutral:
This document doesn't change mandatory-to-implement TLS cipher
suite(s) prescribed by TLS and application protocols using TLS.
But I would rather drop the whole paragraph, as it weakens the whole
document.
I think we should be explicit about the cipher suite, even if we dislike
it. So how about:
This document doesn't change mandatory-to-implement TLS cipher suite(s)
prescribed by TLS and application protocols using TLS. To maximize
interoperability, RFC 5246 REQUIRES implementation of the
TLS_RSA_WITH_AES_128_CBC_SHA cipher suite, which is significantly weaker
than the cipher suites recommended here. Implementers should consider
the interoperability gain against the loss in security when deploying
this cipher suite. Other application protocols specify other cipher
suites as mandatory to implement (MTI).
WFM. I do think it's best to be explicit about the matter.
Peter
--
Peter Saint-Andre
https://andyet.com/