draft-ietf-curdle-rc4-die-die-die-01.txt | draft-ietf-curdle-rc4-die-die-die-02.txt | |||
---|---|---|---|---|
Internet Engineering Task Force (IETF) L. Camara | Internet Engineering Task Force (IETF) L. Camara | |||
Internet-Draft August 1, 2017 | Internet-Draft August 8, 2017 | |||
Obsoletes: 4345 | Obsoletes: 4345 | |||
Updates: 3501, 4253, 6649, 6733 | Updates: 3501, 4253, 6649, 6733 | |||
Intended Status: Best Current Practice | Intended Status: Best Current Practice | |||
Expires: February 2, 2018 | Expires: February 9, 2018 | |||
Deprecating RC4 in all IETF Protocols | Deprecating RC4 in all IETF Protocols | |||
draft-ietf-curdle-rc4-die-die-die-01 | draft-ietf-curdle-rc4-die-die-die-02 | |||
[[RFC-Editor: Please replace all instances of xxxx in this document with | [[RFC-Editor: Please replace all instances of xxxx in this document with | |||
the RFC number of draft-ietf-curdle-des-des-des-die-die-die.]] | the RFC number of draft-ietf-curdle-des-des-des-die-die-die.]] | |||
[[RFC-Editor: please replace the second character of my surname by | [[RFC-Editor: please replace the second character of my surname by | |||
U+00E2 when publishing as RFC in the header and in all pages. | U+00E2 when publishing as RFC in the header and in all pages. | |||
Non-ASCII characters are allowed in RFCs as per RFC 7997.]] | Non-ASCII characters are allowed in RFCs as per RFC 7997.]] | |||
Abstract | Abstract | |||
skipping to change at page 3, line 25 ¶ | skipping to change at page 3, line 25 ¶ | |||
As the document is over 14 years old, the second paragraph of | As the document is over 14 years old, the second paragraph of | |||
Section 11.1 of [RFC3501] is replaced with the following paragraph: | Section 11.1 of [RFC3501] is replaced with the following paragraph: | |||
""" | """ | |||
IMAP client and server implementations were formerly required to | IMAP client and server implementations were formerly required to | |||
implement TLS_RSA_WITH_RC4_128_MD5 {TLS}, an extremely weak cipher | implement TLS_RSA_WITH_RC4_128_MD5 {TLS}, an extremely weak cipher | |||
suite [RFC6151] [RFC6649] [RFC7457] [RFCxxxx] [RFCyyyy] that TLS | suite [RFC6151] [RFC6649] [RFC7457] [RFCxxxx] [RFCyyyy] that TLS | |||
clients MUST NOT implement per [RFC7465]. Compatibility requirements | clients MUST NOT implement per [RFC7465]. Compatibility requirements | |||
were removed in the grounds of security, and all clients and servers | were removed in the grounds of security, and all clients and servers | |||
SHOULD implement TLS 1.2 {TLS} and the | SHOULD comply to [RFC7525]. | |||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {TLS} cipher suite. | ||||
""" | """ | |||
The TLS reference in [RFC3501] should be replaced with a reference to | The TLS reference in [RFC3501] should be replaced with a reference to | |||
RFC 5246, and references to RFC 6151, RFC 6649, RFC 7457, RFC 7465, | RFC 5246, and references to RFC 6151, RFC 6649, RFC 7457, RFC 7465, | |||
RFC xxxx and this document (as RFC yyyy) should be added. | RFC xxxx and this document (as RFC yyyy) should be added. | |||
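Review bot: the -02 replacement paragraph now cites [RFC7525], but the instruction that follows it (the list of references to be added to RFC 3501: RFC 6151, RFC 6649, RFC 7457, RFC 7465, RFC xxxx and RFC yyyy) was not updated and should also add RFC 7525. Two wording points in the same paragraph: "SHOULD comply to [RFC7525]" should read "SHOULD comply with [RFC7525]", and "removed in the grounds of security" should read "removed on the grounds of security". Finally, "that TLS clients MUST NOT implement per [RFC7465]" overstates what RFC 7465 says: it forbids clients from including RC4 suites in the ClientHello and servers from selecting them, so "MUST NOT negotiate" is the accurate verb.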
4. Updates to RFC 4253 | 4. Updates to RFC 4253 | |||
RFC 4253 is updated to note the deprecation of arcfour and 3des-cbc. | RFC 4253 is updated to note the deprecation of arcfour and 3des-cbc. | |||
skipping to change at page 4, line 46 ¶ | skipping to change at page 4, line 46 ¶ | |||
AES cipher suite). | AES cipher suite). | |||
RFC 6733 was published in October 2012, and all paragraphs but the | RFC 6733 was published in October 2012, and all paragraphs but the | |||
last of Section 13.1 of [RFC6733] are to be replaced with: | last of Section 13.1 of [RFC6733] are to be replaced with: | |||
""" | """ | |||
Diameter nodes were formerly required to implement insecure RC4 | Diameter nodes were formerly required to implement insecure RC4 | |||
cipher suites and weak 3DES cipher suites. RC4 MUST NOT be used | cipher suites and weak 3DES cipher suites. RC4 MUST NOT be used | |||
because it is prohibited by RFC 7465. | because it is prohibited by RFC 7465. | |||
Diameter nodes MUST support at least one of the following cipher | Diameter nodes MUST comply to [RFC7525]. | |||
suites: | ||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | ||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | ||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | ||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | ||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | ||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | ||||
TLS_RSA_WITH_AES_128_CBC_SHA was not chosen to be absolutely required | TLS_RSA_WITH_AES_128_CBC_SHA was not chosen to be absolutely required | |||
as Diameter nodes may require all connections to use forward secrecy | as Diameter nodes may require all connections to use forward secrecy | |||
by only implementing cipher suites with forward secrecy. | by only implementing cipher suites with forward secrecy. | |||
TLS_RSA_WITH_AES_128_CBC_SHA is not a forward secrecy cipher suite | TLS_RSA_WITH_AES_128_CBC_SHA is not a forward secrecy cipher suite | |||
because all connections can be decrypted once the private RSA key is | because all connections can be decrypted once the private RSA key is | |||
known by an attacker. | known by an attacker. | |||
""" | """ | |||
Several choices were given because of patent concerns with Elliptic | ||||
Curve Cryptography (ECC) and problems of older implementations with | ||||
ECC and GCM cipher suites, as well as problems of new implementations | ||||
with DHE, as they may not support DHE because ECDHE is more | ||||
efficient. | ||||
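Review bot: with the -01 cipher-suite list deleted, the retained paragraph "TLS_RSA_WITH_AES_128_CBC_SHA was not chosen to be absolutely required ..." no longer has a referent: nothing in the -02 replacement text chooses any suite, so "was not chosen" dangles. Either drop that paragraph or reword it to say that forward secrecy is left to RFC 7525, whose Section 4.1 already recommends against static RSA key transport. Two smaller points: "MUST comply to [RFC7525]" should be "MUST comply with [RFC7525]", and "prohibited by RFC 7465" should be a bracketed citation like the rest of the document. The claim "weak 3DES cipher suites" in the replacement text carries no citation at all; [RFCxxxx] covers 3DES only for Kerberos, so either add a reference that supports the TLS claim or restrict the sentence to RC4, which is what the rest of this document deprecates.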
7. Action to be taken | 7. Action to be taken | |||
RC4 MUST NOT be used in new implementations of IETF protocols, and | RC4 MUST NOT be used in new implementations of IETF protocols, and | |||
RC4 MUST be eliminated as fast as possible from the existing Internet | RC4 MUST be eliminated as fast as possible from the existing Internet | |||
infrastructure, as RC4 is insecure [RFC6649] [RFC7457] [RFCxxxx]. | infrastructure, as RC4 is insecure [RFC6649] [RFC7457] [RFCxxxx]. | |||
Microsoft Corporation SHOULD take action to eradicate RC4 in all | Vendors SHOULD take action to eradicate RC4 in all their software | |||
its software and systems. | and systems. | |||
New IETF protocols MUST NOT allow RC4, and new versions of existing | New IETF protocols MUST NOT allow RC4, and new versions of existing | |||
IETF protocols MUST either not allow RC4 or recommend not to use RC4 | IETF protocols MUST either not allow RC4 or recommend not to use RC4 | |||
(for example, using "NOT RECOMMENDED" or "SHOULD NOT"). | (for example, using "NOT RECOMMENDED" or "SHOULD NOT"). | |||
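Review bot: "Vendors SHOULD take action to eradicate RC4 in all their software and systems" applies an RFC 2119 keyword to organisations rather than to protocol implementations, which is not a testable conformance requirement; the same holds for "RC4 MUST be eliminated as fast as possible" two sentences earlier, since "as fast as possible" cannot be checked. The -02 change from naming a single company to "Vendors" is the right direction; suggest pairing it with non-normative wording, e.g. "Vendors are encouraged to remove RC4 from their software and systems", and keeping the MUST/MUST NOT statements to what implementations and future specifications do, as the first and last sentences of this section already do.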
8. IANA Considerations | 8. IANA Considerations | |||
IANA may need to take action as the status for RC4 and 3DES | IANA may need to take action as the status for RC4 and 3DES | |||
algorithms for Secure Shell (SSH) is changed by this document | algorithms for Secure Shell (SSH) is changed by this document | |||
(see Section 6, that updates [RFC4253]). | (see Section 6, that updates [RFC4253]). | |||
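Review bot: the section reference is wrong: the visible heading "4. Updates to RFC 4253" is the SSH update, yet this section points to "Section 6, that updates [RFC4253]"; renumber one or the other. Separately, "IANA may need to take action" is not an IANA action. Name the registry (the SSH Encryption Algorithm Names registry created by RFC 4250) and the concrete change requested, or, if that registry has no status field that this document changes, state "This document has no IANA actions."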
skipping to change at page 5, line 53 ¶ | skipping to change at page 5, line 35 ¶ | |||
This document deprecates RC4, that is obsolete cryptography, and | This document deprecates RC4, that is obsolete cryptography, and | |||
several attacks that render it useless have been published [RFC6649]. | several attacks that render it useless have been published [RFC6649]. | |||
Refer to Section 5 of [RFCxxxx] for further security considerations. | Refer to Section 5 of [RFCxxxx] for further security considerations. | |||
10. Acknowledgements | 10. Acknowledgements | |||
[[RFC-Editor: When possible, add native names according to the | [[RFC-Editor: When possible, add native names according to the | |||
conventions of RFC 7997.]] | conventions of RFC 7997.]] | |||
Thanks to the following people for writing reference material: | Thanks to the following people: | |||
* Sean Turner and Lily Chen for writing RFC 6151, that contains | * Sean Turner and Lily Chen for writing RFC 6151, that contains | |||
updated security considerations for MD5 and HMAC-MD5. | updated security considerations for MD5 and HMAC-MD5. | |||
* Love Hornquist Astrand and Tom Yu for writing RFC 6649, that | * Love Hornquist Astrand and Tom Yu for writing RFC 6649, that | |||
deprecates weak cryptographic algorithms in Kerberos. | deprecates weak cryptographic algorithms in Kerberos. | |||
* Yaron Sheffer, Ralph Holz and Peter Saint-Andre for writing | * Yaron Sheffer, Ralph Holz and Peter Saint-Andre for writing | |||
RFC 7457, that summarises known attacks against Transport Layer | RFC 7457, that summarises known attacks against Transport Layer | |||
Security (TLS). | Security (TLS), and RFC 7525, that provides recommendations for | |||
the use of TLS and Datagram Transport Layer Security (DTLS). | ||||
* Andrei Popov for writing RFC 7465, that prohibits RC4 cipher | * Andrei Popov for writing RFC 7465, that prohibits RC4 cipher | |||
suites in Transport Layer Security (TLS). | suites in Transport Layer Security (TLS). | |||
* Julien Elie for sending me an email about the requirements to | * Julien Elie for sending me an email about the requirements to | |||
implement RC4 cipher suites in RFC 3501 and RFC 6733. | implement RC4 cipher suites in RFC 3501 and RFC 6733. | |||
Also thanks to SSL Labs for capping server grades to B (RC4 only used | Also thanks to SSL Labs for capping server grades to B (RC4 only used | |||
with older protocols) and C (RC4 used with modern protocols) when | with older protocols) and C (RC4 used with modern protocols) when | |||
servers support RC4, and flagging cipher suites and clients using RC4 | servers support RC4, and flagging cipher suites and clients using RC4 | |||
skipping to change at page 6, line 41 ¶ | skipping to change at page 6, line 25 ¶ | |||
11.1. Normative References | 11.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
[RFC6649] Hornquist Astrand, L. and T. Yu, "Deprecate DES, RC4-HMAC- | [RFC6649] Hornquist Astrand, L. and T. Yu, "Deprecate DES, RC4-HMAC- | |||
EXP, and Other Weak Cryptographic Algorithms in Kerberos", | EXP, and Other Weak Cryptographic Algorithms in Kerberos", | |||
BCP 179, RFC 6649, July 2012. | BCP 179, RFC 6649, July 2012. | |||
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
"Recommendations for Secure Use of Transport Layer | ||||
Security (TLS) and Datagram Transport Layer Security | ||||
(DTLS)", BCP 195, RFC 7525, May 2015. | ||||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in | |||
RFC 2119 Key Words", BCP 14, RFC 8174, May 2017. | RFC 2119 Key Words", BCP 14, RFC 8174, May 2017. | |||
[RFCxxxx] Kaduk, B., and M. Short, "Deprecate 3DES and RC4 in | [RFCxxxx] Kaduk, B., and M. Short, "Deprecate 3DES and RC4 in | |||
Kerberos", draft-ietf-curdle-des-des-des-die-die-die-04, | Kerberos", draft-ietf-curdle-des-des-des-die-die-die-04, | |||
Work in Progress. | Work in Progress. | |||
11.2. Informative References | 11.2. Informative References | |||
[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - Version | [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - Version | |||
4rev1", RFC 3501, March 2003. | 4rev1", RFC 3501, March 2003. | |||
[RFC3961] Raeburn, K., "Encryption and Checksum Specifications for | ||||
Kerberos 5", RFC 3961, February 2005. | ||||
[RFC4253] Ylonen, T., and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4253] Ylonen, T., and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
Transport Layer Protocol", RFC 4253, January 2006. | Transport Layer Protocol", RFC 4253, January 2006. | |||
[RFC4757] Jaganathan, K., Zhu, L., and J. Brezak, "The RC4-HMAC | [RFC4757] Jaganathan, K., Zhu, L., and J. Brezak, "The RC4-HMAC | |||
Kerberos Encryption Types Used by Microsoft Windows", | Kerberos Encryption Types Used by Microsoft Windows", | |||
RFC 4757, December 2006. | RFC 4757, December 2006. | |||
[RFC6151] Turner, S., and L. Chen, "Updated Security Considerations | [RFC6151] Turner, S., and L. Chen, "Updated Security Considerations | |||
for the MD5 Message-Digest and the HMAC-MD5 Algorithms", | for the MD5 Message-Digest and the HMAC-MD5 Algorithms", | |||
RFC 6151, March 2011. | RFC 6151, March 2011. | |||
[RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn, | [RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn, | |||
Ed., "Diameter Base Protocol", RFC 6733, October 2012. | Ed., "Diameter Base Protocol", RFC 6733, October 2012. | |||
[RFC7457] Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing | [RFC7457] Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing | |||
Known Attacks on Transport Layer Security (TLS) and | Known Attacks on Transport Layer Security (TLS) and | |||
Datagram TLS (DTLS)", RFC 7457, February 2015. | Datagram TLS (DTLS)", RFC 7457, February 2015. | |||
[RFC7465] Popov, A., "Deprecating RC4 Cipher Suites", RFC 7465, | [RFC7465] Popov, A., "Prohibiting RC4 Cipher Suites", RFC 7465, | |||
February 2015. | February 2015. | |||
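Review bot: three entries are missing or misplaced. [RFC4345] is listed as obsoleted in the header but has no reference entry; RFC 5246 is named in Section 3 as the replacement TLS reference for RFC 3501 but appears in neither list; and [RFC7465] backs the "MUST NOT" statements in the Section 3 and Section 6 replacement text, so it belongs under Normative References rather than Informative (the -02 correction of its title to "Prohibiting RC4 Cipher Suites" is right). [RFC4757] is not cited in any visible section; if the elided sections do not cite it either, drop it.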
[[RFC-Editor: please replace the 'i' in my name by U+00ED and the | [[RFC-Editor: please replace the 'i' in my name by U+00ED and the | |||
first 'a' in the surname by U+00E2, as non-ASCII characters are | first 'a' in the surname by U+00E2, as non-ASCII characters are | |||
allowed as per RFC 7997]] | allowed as per RFC 7997]] | |||
12. Author's Address | 12. Author's Address | |||
Luis Camara | Luis Camara | |||
EMail: <luis.camara@live.com.pt> | EMail: <luis.camara@live.com.pt> | |||
Appendix A. Changelog | Appendix A. Changelog | |||
[[RFC-Editor: please remove this section when publishing.]] | [[RFC-Editor: please remove this section when publishing.]] | |||
WG draft (draft-ietf-curdle-rc4-die-die-die): | WG draft (draft-ietf-curdle-rc4-die-die-die): | |||
02 - addressed Todd Short's concerns. | ||||
01 - massive simplification: removed informational updates, removed | 01 - massive simplification: removed informational updates, removed | |||
all Pre-5378 Material, retracted all "Obsoletes:" except for | all Pre-5378 Material, retracted all "Obsoletes:" except for | |||
RFC 4345, removed Appendix A and renamed changelog to Appendix A. | RFC 4345, removed Appendix A and renamed changelog to Appendix A. | |||
00 - dummy update to get the draft into the curdle WG. | 00 - dummy update to get the draft into the curdle WG. | |||
Individual draft (draft-luis140219-curdle-rc4-die-die-die): | Individual draft (draft-luis140219-curdle-rc4-die-die-die): | |||
02 - changed title to "Deprecating RC4 in all IETF Protocols", changed | 02 - changed title to "Deprecating RC4 in all IETF Protocols", changed | |||
the header of all pages to "Deprecating RC4 in all Protocols", | the header of all pages to "Deprecating RC4 in all Protocols", | |||
End of changes. 13 change blocks. | ||||
32 lines changed or deleted | 18 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |