[kitten] draft-kaduk-kitten-des-des-des-die-die-die-01.txt


[kitten] draft-kaduk-kitten-des-des-des-die-die-die-01.txt

t.p.
From the title, I was expecting an equivalent to RFC7465 but that is not
what this is; I think it should be.  Which WG is best placed to do this,
I am easy about.

Tom Petch


----- Original Message -----
From: <[hidden email]>
To: <[hidden email]>
Sent: Thursday, March 30, 2017 7:33 PM
Subject: I-D Action: draft-kaduk-kitten-des-des-des-die-die-die-01.txt


>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>
>         Title           : Deprecate 3DES and RC4 in Kerberos
>         Authors         : Benjamin Kaduk
>                           Michiko Short
>         Filename        : draft-kaduk-kitten-des-des-des-die-die-die-01.txt
>         Pages           : 9
>         Date            : 2017-03-30
>
> Abstract:
>    The 3DES and RC4 encryption types are steadily weakening in
>    cryptographic strength, and the deprecation process should be begun
>    for their use in Kerberos.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-kaduk-kitten-des-des-des-die-die-die/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-kaduk-kitten-des-des-des-die-die-die-01
> https://datatracker.ietf.org/doc/html/draft-kaduk-kitten-des-des-des-die-die-die-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-kaduk-kitten-des-des-des-die-die-die-01
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> I-D-Announce mailing list
> [hidden email]
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

_______________________________________________
Kitten mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/kitten

Re: [kitten] draft-kaduk-kitten-des-des-des-die-die-die-01.txt

Benjamin Kaduk-2
On Wed, Apr 05, 2017 at 04:43:46PM +0100, tom p. wrote:
> From the title, I was expecting an equivalent to RFC7465 but that is not
> what this is; I think it should be.  Which WG is best placed to do this,
> I am easy about.

I'm not sure I understand the question.  You are interested in
prohibiting triple-DES cipher suites from use in TLS?  That would
best be done in the TLS WG.

This draft was given its name as a homage to RFC 6649, which AFAIK
was the first document to use that construction.

-Ben


Re: [kitten] draft-kaduk-kitten-des-des-des-die-die-die-01.txt

t.p.
----- Original Message -----
From: "Benjamin Kaduk" <[hidden email]>
To: "tom p." <[hidden email]>
Cc: <[hidden email]>
Sent: Wednesday, April 05, 2017 4:53 PM
> On Wed, Apr 05, 2017 at 04:43:46PM +0100, tom p. wrote:
> > From the title, I was expecting an equivalent to RFC7465 but that is not
> > what this is; I think it should be.  Which WG is best placed to do this,
> > I am easy about.
>
> I'm not sure I understand the question.  You are interested in
> prohibiting triple-DES cipher suites from use in TLS?  That would
> best be done in the TLS WG.
>
> This draft was given its name as a homage to RFC 6649, which AFAIK
> was the first document to use that construction.

Ah, I am not as well informed as you.  I first came across the name of
that form with RFC7465 and assumed that that was the one you were
following.

Having read RFC6649, I still think that RFC7465 is the way to do it.
The Abstract of that RFC gives me very clear guidance as to what to do.
This I-D I find less clear;
"The 3DES and RC4 encryption types are steadily weakening in
cryptographic strength ..."
leaves me wondering; would a dose of iron or vitamins restore their
strength?  Well, no:-) but I want clear guidance, not the evidence from
which I have to work out my own conclusions.

RFC7465 - wisely - avoids the word 'deprecate'; it tells users what to
do, what the advice of those more expert in the field is.  I have seen
discussions on several lists as to what the word 'deprecate' means, with
no consensus, no definition.  We do now have a definition in
leiba-cotton- -5226bis and since you are proposing to update IANA, then
that is the definition you are going to get, like it or lump it, so if
that is what you mean, you should have that as a Normative Reference; if
not, then I think that you should avoid the word 'deprecate' as RFC7465
does.

Tom Petch

> -Ben
