Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

kim.davis
Is there an agreed timeline for deprecation of the technologies listed in the initial posting? We should be proactive in this field.

For example, last month a plan to deploy 12000 devices to medical professionals has been finalised, despite the devices using 1024bit RSA keys - on the grounds that it works in current browsers and will likely keep working for the next 10 years. I am not happy about such outcomes.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

Kurt Roeckx
On 2015-03-14 01:23, [hidden email] wrote:
> Is there an agreed timeline for deprecation of the technologies listed in the initial posting? We should be proactive in this field.
>
> For example, last month a plan to deploy 12000 devices to medical professionals has been finalised, despite the devices using 1024bit RSA keys - on the grounds that it works in current browsers and will likely keep working for the next 10 years. I am not happy about such outcomes.

Whoever thinks that this will keep working for the next 10 years is
clearly misinformed.  CAs should not be issuing such certificates.  If
they do, please let us know which CA does that so we can talk to them
about revoking them.


Kurt

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

Erwann ABALEA-3
In reply to this post by kim.davis
Le lundi 16 mars 2015 10:29:08 UTC+1, Kurt Roeckx a écrit :
> On 2015-03-14 01:23, [hidden email] wrote:
> > Is there an agreed timeline for deprecation of the technologies listed in the initial posting? We should be proactive in this field.
> >
> > For example, last month a plan to deploy 12000 devices to medical professionals has been finalised, despite the devices using 1024bit RSA keys - on the grounds that it works in current browsers and will likely keep working for the next 10 years. I am not happy about such outcomes.
>
> Whoever thinks that this will keep working for the next 10 years is
> clearly misinformed.  CAs should not be issuing such certificates.  If
> they do, please let us know which CA does that so we can talk to them
> about revoking them.

There's nothing in the OP post saying those certificates would be issued under a public CA.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

Ryan Sleevi
On Mon, March 16, 2015 10:24 am, Erwann Abalea wrote:

>  Le lundi 16 mars 2015 10:29:08 UTC+1, Kurt Roeckx a écrit :
> > On 2015-03-14 01:23, [hidden email] wrote:
> > > Is there an agreed timeline for deprecation of the technologies listed
> > in the initial posting? We should be proactive in this field.
> > >
> > > For example, last month a plan to deploy 12000 devices to medical
> > professionals has been finalised, despite the devices using 1024bit
> > RSA keys - on the grounds that it works in current browsers and will
> > likely keep working for the next 10 years. I am not happy about such
> > outcomes.
> >
> > Whoever thinks that this will keep working for the next 10 years is
> > clearly misinformed.  CAs should not be issuing such certificates.  If
> > they do, please let us know which CA does that so we can talk to them
> > about revoking them.
>
>  There's nothing in the OP post saying those certificates would be issued
>  under a public CA.

My goal is to phase these out in Chrome by the end of the year. We have
ample evidence that suggests this is reasonable.

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

Erwann ABALEA-3
In reply to this post by Erwann ABALEA-3
Le lundi 16 mars 2015 19:47:30 UTC+1, Ryan Sleevi a écrit :

> On Mon, March 16, 2015 10:24 am, Erwann Abalea wrote:
> >  Le lundi 16 mars 2015 10:29:08 UTC+1, Kurt Roeckx a écrit :
> > > On 2015-03-14 01:23, [hidden email] wrote:
> > > > Is there an agreed timeline for deprecation of the technologies listed
> > > in the initial posting? We should be proactive in this field.
> > > >
> > > > For example, last month a plan to deploy 12000 devices to medical
> > > professionals has been finalised, despite the devices using 1024bit
> > > RSA keys - on the grounds that it works in current browsers and will
> > > likely keep working for the next 10 years. I am not happy about such
> > > outcomes.
> > >
> > > Whoever thinks that this will keep working for the next 10 years is
> > > clearly misinformed.  CAs should not be issuing such certificates.  If
> > > they do, please let us know which CA does that so we can talk to them
> > > about revoking them.
> >
> >  There's nothing in the OP post saying those certificates would be issued
> >  under a public CA.
>
> My goal is to phase these out in Chrome by the end of the year. We have
> ample evidence that suggests this is reasonable.

Phase RSA1024 out? I vote for it. Where's the ballot? :)
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

Ryan Sleevi
On Mon, March 16, 2015 1:06 pm, Erwann Abalea wrote:
>
>  Phase RSA1024 out? I vote for it. Where's the ballot? :)

This is a browser-side change. No ballot required (the only issue *should*
be non-BR compliant certificates issued before the BR effective date)

https://code.google.com/p/chromium/issues/detail?id=467663 for Chrome, but
unfortunately, can't share the user data as widely. Perhaps Mozilla will
consider collecting this as part of their telemetry (if they aren't
already)

This still leaves 'internal CAs' as an open issue. However, we can limit
the enforcement to signatures that chain to a trusted CA, significantly
reducing the risk to end users of state-sponsored key factoring of
1024-bit keys. Which is certainly a reasonable concern, even for the most
paranoid.

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

Brian Smith-19
Ryan Sleevi <[hidden email]> wrote:

> On Mon, March 16, 2015 1:06 pm, Erwann Abalea wrote:
>>
>>  Phase RSA1024 out? I vote for it. Where's the ballot? :)
>
> This is a browser-side change. No ballot required (the only issue *should*
> be non-BR compliant certificates issued before the BR effective date)
>
> https://code.google.com/p/chromium/issues/detail?id=467663 for Chrome, but
> unfortunately, can't share the user data as widely. Perhaps Mozilla will
> consider collecting this as part of their telemetry (if they aren't
> already)

The Fx telemetry is
https://bugzilla.mozilla.org/show_bug.cgi?id=1049740 and the Fx bug
for removing support for <2048-bit certificates is
https://bugzilla.mozilla.org/show_bug.cgi?id=1137484.

Cheers,
Brian
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

helpcrypto helpcrypto
If I understand correctly, dropping will be "at browser level", ie: end
users won't be capable of "using" their legacy certificates.
So far, only SSL certificates < 2048 were shown as unsafe in Chrome. Am I
right?

Chrome [1] plans dropping 1024 by the end of the year. Firefox [2] is goind
to drop it also in the near future.
Do you guys heard something about Microsoft/IExplorer?

BTW, Ryan...what are the "reasons" for this not affecting android? and OSX?

[1] https://code.google.com/p/chromium/issues/detail?id=467663
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1137484

Thanks
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

helpcrypto helpcrypto
ping?

On Tue, Mar 17, 2015 at 5:15 PM, helpcrypto helpcrypto <[hidden email]
> wrote:

> If I understand correctly, dropping will be "at browser level", ie: end
> users won't be capable of "using" their legacy certificates.
> So far, only SSL certificates < 2048 were shown as unsafe in Chrome. Am I
> right?
>
> Chrome [1] plans dropping 1024 by the end of the year. Firefox [2] is
> goind to drop it also in the near future.
> Do you guys heard something about Microsoft/IExplorer?
>
> BTW, Ryan...what are the "reasons" for this not affecting android? and OSX?
>
> [1] https://code.google.com/p/chromium/issues/detail?id=467663
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1137484
>
> Thanks
>
>
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto