Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

[Perry E. Metzger]

On Thu, 23 Oct 2014 21:50:07 +0200 Florian Weimer <address@hidden>
wrote:
> * Perry E. Metzger:
> 
> > The intelligence agencies thank you for your inadvertent
> > assistance in assuring that various kinds of downgrade, padding
> > and other attacks will remain feasible for years to come.
> 
> Giving incorrect advice, like you do, does not make the Internet a
> safer place, either.

You think telling people they should be using a secure protocol is
"incorrect advice"? Really? You think telling people to keep
providing vulnerable protocols by default is "correct" advice?

You couldn't be suggesting a policy more useful to the National
Security Agency -- this is exactly what they would prefer vendors
do, keep supporting insecure protocols forever, especially ones you
can force people into with downgrade attacks.

The real problem is that many users don't understand the tradeoffs or
that there's even an issue. If the software vendors (and FSF is a
software vendor) keep supporting old protocols forever, they never
*will* figure out they need to upgrade.

To reiterate: all the major sites already use TLS 1.2 with AES. All
open source TLS implementations implement 1.2 and AES. Ceasing to use
SSL 3.0 is simple (even ceasing to use TLS 1.0 and 1.1 is simple but
we're talking about SSL 3.0 here). So, why do we need to support SSL
3.0 again? What's the rationale, other than making the lives of
attackers easy?

> I don't think it makes sense to continue the discussion.  Again, if
> you are looking for something useful to do, rally against RC4, not
> SSL 3.0.

None of the big sites are using RC4 any more, and the open source TLS
implementations supply better algorithms, so what is there to rally
against? Now we have to rally against SHA-1 in certs vs. the use of
newer hash functions -- the world has moved on.

Perry
-- 
Perry E. Metzger                address@hidden