On 11/02/2015 16:46, Salz, Rich wrote: >> I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it >> explicilty in DEFAULT) is a good one that maintains important backward >> compatibility while providing the desired removal of RC4 by default. There's >> no advantage to moving RC4 to LOW. > Sure there is: it's an accurate description of the quality of protection provided by the algorithm. :) Is the security level (i.e. log2 of the cost of the best known direct attack) 40 bits (historical EXPORT label), 56 bits (historical LOW label), 112 to 127 bits (historical MEDIUM) level, or somewhere in between? This is the real question that should guide its classification, not if it is "lower than what is currently recommended". Given the currenly available ciphers, it may make sense to add new groups: HIGH192, HIGH256 and larger ones still. As time progresses, the default can then move from HIGH to HIGH192, to HIGH256 as the state of the art changes, without redefining semantics. Furthermore, the various attacks on SSL3/TLS1.0 padding and IV logic creates an ongoing need to have a widely supported, TLS1.0 compatible stream-or-otherwise-unpadded cipher choice as an emergency fallback as other protections are being rolled out by all kinds of vendors. For example RC4 is immune to POODLE as well as a previous widelypublicized attack, simply because it uses neither the flawed SSL3padding nor the sometimes problematic TLS1.0 IV selection. No other cipher provides this protection when talking to older peers that cannot or will not upgrade to the latest-and-greatest TLS standards. > It's also compatible with our documentation, which as was pointed out, always uses the word "currently" to describe the magic keywords. > > And it's also planned for the next version which won't be available until near the end of the year. > > And it's also compliant with the expected publication of the IETF RFC's that talk about TLS configuration and attacks. > > Postfix can work lay the groundwork to be future-compliant by changing its default configuration to be HIGH:MEDIUM:RC4. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150211/42cc62a3/attachment.html>
