Re: TLS/SSL robustness - high, medium, low

Ian Fette wrote:
> I am worried about how we use this. Are we expecting there to be some
> option somewhere where users choose "I want SSL to be mildly robust,
> more robust, or totally robust"? Because that seems like a bad path to
> go down to me. 

Agree. Rather than try classify legacy crypto maybe our rec would be
a good place to think about mandating removing some of those options?
E.g. Maybe we could say that conformant implementations MUST NOT
offer export-grade ciphersuites etc. (Even if TLS 1.2 also mandates
the same thing, it might be useful if we also do that since TLS 1.0
etc deployments will probably be around for a good while yet.)

Of course, that'd depend on the prevalence of v. older browser and/or
servers - do we have up to date information that indicates that those
could now be ignored by folks who'd want to conform to our rec?

> Also, calling "strong" interactions "robust" seems
> confusing me to me, because I think of robust as meaning it's going to
> work. I.e. I would say the method that falls back to older protocol
> versions / cipher suites would be robust. So I'm a bit worried that this
> terminology might confuse others.

I think that that's a good point.

S.

> 
> On Jan 8, 2008 12:05 PM, Michael Versace < michael.versace@fstc.org
> <mailto:michael.versace@fstc.org>> wrote:
> 
>     We should not only consider protocol version and cipher strength,
>     but also the validation methods used to determine if certificates
>     are in a current state of membership. 
> 
>      
> 
>     *From:* public-wsc-wg-request@w3.org
>     <mailto:public-wsc-wg-request@w3.org>
>     [mailto:public-wsc-wg-request@w3.org
>     <mailto:public-wsc-wg-request@w3.org>] *On Behalf Of *Dan Schutzer
>     *Sent:* Tuesday, January 08, 2008 2:11 PM
>     *To:* 'Doyle, Bill'; public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org>
>     *Subject:* RE: TLS/SSL robustness - high, medium, low
> 
>      
> 
>     I think there might also be something we might want to say about
>     whether it is using just server certs or client and server certs
> 
>      
> 
>     ------------------------------------------------------------------------
> 
>     *From:* public-wsc-wg-request@w3.org
>     <mailto:public-wsc-wg-request@w3.org>
>     [mailto:public-wsc-wg-request@w3.org
>     <mailto:public-wsc-wg-request@w3.org>] *On Behalf Of *Doyle, Bill
>     *Sent:* Tuesday, January 08, 2008 12:52 PM
>     *To:* public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org>
>     *Subject:* TLS/SSL robustness - high, medium, low
> 
>      
> 
>     A thought is to add another robustness section to define TLS/SSL
>     robustness
> 
>      
> 
>     Robustness of information assurance provided by TLS/SSL is dependant
>     on the version of the protocol and strength of ciphers used. User
>     agents and web servers should have the ability to restrict the use
>     of TLS/SSL to require latest version of the TLS/SSL protocol and
>     configuration settings should provide the capability to choose with
>     fine grained precision the cipher suites allowed. Cipher suites are
>     arranged to note export/weak (?? or key settings / 40-56 bit
>     ciphers), medium (?? ./ 128 bit ciphers) and strong (?? / 256 bit
>     ciphers).
> 
>      
> 
>     High Robustness
> 
>     Requires the use of latest version of the TLS/SSL protocol
>     and connections must use cipher suites that fit into the strong
>     category.
> 
>      
> 
>     Medium Robustness
> 
>     Use of TLS/SSL protocol that is 1 version behind the latest TLS/SSL
>     definition and uses ciphers in medium or strong category
> 
>      
> 
>     Low Robustness
> 
>     Use of a TLS/SSL protocol and cipher settings that do not fit into
>     medium or high robustness categories.
> 
>      
> 
>     or something like this
> 
>      
> 
>     Bill D.
> 
>      
> 
>      
> 
>      
> 
>          
> 
> 

Received on Tuesday, 8 January 2008 21:41:23 UTC