Re: ACTION-426: strong and weak TLS algorithms (incorporateISSUE-128text) from Thomas Roessler on 2008-07-14 (public-wsc-wg@w3.org from July 2008)

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 14 Jul 2008 20:55:32 +0200
To: "Doyle, Bill" <wdoyle@mitre.org>
Cc: stephen.farrell@cs.tcd.ie, pbaker@verisign.com, johnath@mozilla.com, yngve@opera.com, public-wsc-wg@w3.org
Message-ID: <20080714185532.GE288@iCoaster.does-not-exist.org>

We're referencing A.5 from seciton 5.2:
http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#typesoftls

>When this document speaks of [Definition: Strong TLS algorithms],
>then the following must hold:
>
>   1. No version of the TLS protocol that suffers known security
>   flaws has been negotiated. At the point of writing of this
>   document, versions of SSL prior to SSLv3 [SSLv3] MUST NOT be
>   considered strong.
>
>   2. A cipher suite has been selected for which key and algorithm
>   strengths correspond to industry practice. At the time of writing
>   of this document, the "export" cipher suites explicitly forbidden
>   in appendix A.5 of [TLSv11] MUST NOT be considered strong.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>






On 2008-07-14 14:51:43 -0400, Bill Doyle wrote:
> From: "Doyle, Bill" <wdoyle@mitre.org>
> To: Thomas Roessler <tlr@w3.org>
> Cc: stephen.farrell@cs.tcd.ie, pbaker@verisign.com, johnath@mozilla.com,
> 	yngve@opera.com, public-wsc-wg@w3.org
> Date: Mon, 14 Jul 2008 14:51:43 -0400
> Subject: RE: ACTION-426: strong and weak TLS algorithms (incorporateISSUE-128text)
> X-Spam-Level: 
> X-Bogosity: Unsure, tests=bogofilter, spamicity=0.491070, version=1.1.6
> 
> This is really quite late response but in looking at
> 
> Network Working Group                                          T.
> Dierks
> Request for Comments: 4346
> Independent
> Obsoletes: 2246                                              E.
> Rescorla
> Category: Standards Track                                     RTFM,
> Inc.
>                                                               April
> 2006
> 
> 
>               The Transport Layer Security (TLS) Protocol
>                               Version 1.1
> 
> 
> Appendix 5 notes ciphersuite definitions that are not considered secure
> 
> http://tools.ietf.org/html/rfc4346#appendix-A.5
> 
>  
> 
> -----Original Message-----
> From: Thomas Roessler [mailto:tlr@w3.org] 
> Sent: Wednesday, June 11, 2008 2:08 PM
> To: Doyle, Bill
> Cc: stephen.farrell@cs.tcd.ie; pbaker@verisign.com;
> johnath@mozilla.com; yngve@opera.com; public-wsc-wg@w3.org
> Subject: Re: ACTION-426: strong and weak TLS algorithms
> (incorporateISSUE-128text)
> 
> For context:
> http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-strong-algos
> 
> On 2008-06-11 13:46:06 -0400, Bill Doyle wrote:
> 
> > I like it -
> 
> Thanks.
> 
> > SSLv3 is deprecated - supported ciphers are no longer strong enough,
> > industry moves forward.
> 
> I'm happy to add this one to the list of things that you really must
> not consider strong.  Which brings me to another point:  It's
> probably worth using RFC 2119 verbiage when we enumerate what's
> considered weak or strong.  I've made that change in the latest
> version, and would actually be tempted to change this further to say
> that:
> 
> 	SSLv3 SHOULD NOT be considered strong.
> 
> I also wonder if it's worth saying a word about MD5-based certs.
> 
> > Is the IETF grouping ciphers in a way that enables weak ciphers to be
> > noted? Export grade is easy, not sure about others.
> 
> Not that I'd know.
> 
> Cheers,
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
> 
>

Received on Monday, 14 July 2008 18:56:09 UTC