Closed Bug 1211248 Opened 9 years ago Closed 8 years ago

Reinstate Camellia as a cipher

Categories

(Core :: Security: PSM, defect)

RESOLVED WONTFIX

People

(Reporter: mark, Unassigned)

As part of the "Proposal to Remove legacy TLS Ciphersuits Offered by Firefox" that I was pointed to in bug 1211210, it seems you have removed the Camellia cipher from offered TLS cipher suites. Bug 1036765 IIUC.

You are basically restricting Firefox to AES only, and have even gone ahead and removed the preferences for other suites in Bug 1037098.

I think this was a mistake. Camellia is a secure cipher with no known weaknesses[1], is actively-used in Japan[2], and should be a valid cipher for the browser to use along with AES. Cryptographic strength is very similar to AES.

You're pretty much putting all your eggs in one basket here.

[1] https://en.wikipedia.org/wiki/Camellia_%28cipher%29#Security_analysis et al.
[2] http://www.ntt.co.jp/news2013/1303e/130326a.html

We will not add any non-PFS ciphers or CBC mode block ciphers.

Depends on: 940119

Camellia CBC will not be reinstated. Camellia GCM is bug 940119, which might be done eventually. If what you're after is an AES-GCM competitor, you don't really want Camellia, as it's rather similar to AES. What we really want is ChaCha20+Poly1305 (bug 917571), which is almost certainly going to be implemented in the not too distant future. It's waiting on official standardized codepoint assignment in the IETF, after which it's currently agreed to be listed as secondary MTI along with AES-GCM in TLS 1.3 (still in early draft) and some sites already support it with TLS 1.2.

I recommend closing this as WONTFIX or duping to the Camellia GCM bug.

FYI: Camellia offers PFS when combined with proper key exchange. It's also not adding something new, it's a request to undo an incorrect removal for apparently incorrect reasons. Camellia is neither legacy nor insecure and should not have been removed from Firefox. If you are still supporting AES-CBC ciphers in addition to AES-GCM, then you should also support Camellia-CBC ciphers.

Not doing so is a mistake and very biased, IMNSHO.

I agree adding Camellia-GCM is a good way forward, for implementation of new ciphers, but your removal of the CBC variant has been very premature and for the wrong reasons.

(In reply to Mark Straver from comment #0)
> You're pretty much putting all your eggs in one basket here.

By the same logic, you should enable more than one bulk cipher on your server. RC4 doesn't count here, of course.

(In reply to Masatoshi Kimura [:emk] from comment #4)
> By the same logic, you should enable more than one bulk cipher on your
> server. RC4 doesn't count here, of course.

What are you talking about?

Bug 940119 stalls. Firefox has supported ChaCha20-Poly1305, so the "all eggs in one basket" argument no longer holds.

Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
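
The two criteria named in the thread (forward secrecy and no CBC mode) can be checked mechanically from a TLS 1.2 suite name. The following Python is an added example, not part of the bug thread and not Firefox or NSS code; the function names are hypothetical and the suite list is constructed for illustration.

```python
# Added example: rate TLS 1.2 suite names against the thread's two criteria.
# Function names are hypothetical; this is not Firefox or NSS code.

# Constructed sample list; the names follow the IANA TLS cipher suite registry.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]


def classify(name):
    """Parse TLS_<kx>_WITH_<cipher...> and report PFS, CBC and AEAD properties."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 style suite name: {name}")
    kx, rest = name[len("TLS_"):].split("_WITH_", 1)
    tokens = rest.split("_")
    return {
        "cipher": tokens[0],
        # Only ephemeral (EC)DH key exchange gives forward secrecy;
        # static RSA, DH and ECDH key exchange do not.
        "pfs": kx.split("_")[0] in ("DHE", "ECDHE"),
        "cbc": "CBC" in tokens,
        "aead": any(t in tokens for t in ("GCM", "CCM", "POLY1305")),
    }


def rejection_reasons(name):
    """Return the criteria a suite fails; an empty list means it passes both."""
    info = classify(name)
    reasons = []
    if not info["pfs"]:
        reasons.append("no PFS")
    if info["cbc"]:
        reasons.append("CBC mode")
    return reasons


def audit(suites):
    """Map every suite name to its list of failed criteria."""
    return {name: rejection_reasons(name) for name in suites}


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_SUITES).items():
        print(f"{'ok' if not reasons else ', '.join(reasons):18} {name}")
```

In this sample the DHE Camellia-CBC suite has forward secrecy and fails only on CBC mode, while a Camellia-GCM suite with ECDHE key exchange passes both checks. TLS 1.3 suite names carry no key exchange component and are rejected by the parser.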