[146727] in cryptography@c2.net mail archive
Re: [Cryptography] People should turn on PFS in TLS
daemon@ATHENA.MIT.EDU (ianG)
Sat Sep 7 04:06:40 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 07 Sep 2013 10:35:12 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <20130906141148.259addb1@jabberwock.cb.piermont.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 6/09/13 21:11 PM, Perry E. Metzger wrote:
> On Fri, 6 Sep 2013 18:56:51 +0100 Ben Laurie <ben@links.org> wrote:
>> The problem is that there's nothing good [in the way of ciphers]
>> left for TLS < 1.2.
>
> So, lets say in public that the browser vendors have no excuse left
> for not going to 1.2.
>
> I hate to be a conspiracy nutter, but it is that kind of week. Anyone
> at a browser vendor resisting the move to 1.2 should be viewed with
> deep suspicion.
>
> (Heck, if they're not on the government's payroll, then shame on them
> for retarding progress for free. They should at least be charging. And
> yes, I'm aware many of the people resisting are probably doing so
> without realizing they're harming internet security, but we can no
> longer presume that is the motive.)
>
> Chrome handles 1.2, there is no longer any real excuse for the others
> not to do the same.
The sentiment I agree with. But the record of such transitions is not good.
E.g., Back in September 2009 Ray & Dispensa discovered a serious bug
with renegotiation in SSL. According to SSL Pulse, it took until around
April of this year [0] before 80% of the SSL hosts were upgraded to
cover the bug.
Which gives us an OODA response loop of around 3-4 years.
And, that was the best it got -- the SSL community actually cared about
that bug. It gets far worse in stuff that they consider not to be a
bug, such as HTTPS Everywhere, TLS/SNI, MD5, browser security fixes for
phishing, HTTP-better-than-self-signed, HTTPS starting up with its own
self-signed cert, etc, etc.
iang
[0] it depends on how you measure the 80% mark, though.
PS: More here on OODA loops
http://financialcryptography.com/mt/archives/001210.html
http://financialcryptography.com/mt/archives/001444.html
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
