Assurance

[David Langenberg <>]

On Thu, Sep 5, 2013 at 3:27 PM, Joe St Sauver <> wrote:

Dave commented:

#Well, my concern is more about Protected Channels and TLS.  After Dec 31,
#SHA1 is no good for the digital signatures used in TLS.  Even if you don't
#consider HMAC to be a "digital signature" you still wind up with the
#problem of SP 800-131A listing SHA1 as 80 bit and 80 bit for HMAC
#generation expires Dec 31.  Therefore, your TLS Connection by the
#user-agent to the Identity Provider needs to be using at least TLS1.2 with
#a SHA2 HMAC which in my testing wasn't available wide-spread in browsers
#until just this summer.  The result of us not being able to still use TLSv1
#after Dec 31 will mean massive breakage of users who are not running recent
#browsers.

Since folks are interested in TLS, let me suggest two exceptionally
important articles that were published today:

-- US and UK spy agencies defeat privacy and security on the Internet
   http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

-- N.S.A. Foils Much Internet Encryption
   http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html

The crypto world that we woke up to this morning is not the crypto world
we live in this afternoon.

Well, there isn't much you can do if the gov't gets their claws on either end of the channels pre/post encryption/decryption.  Also, it's no secret that RC4 is broken, and wouldn't surprise me if they even have AES at 128.  However, while it is concerning and upping key-sizes and encryption levels can assist to a degree, my problem here is more a standard that is requiring me to make a change to a core authentication service which is guaranteed to break users who are not running the latest greatest version of whatever their preferred browser is.  

Dave

--
David Langenberg

Identity & Access Management

The University of Chicago