Re: [Cfrg] New guidance from NSA on cryptographic algorithms

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 28 January 2016 18:53 UTC

To: "A. Huelsing" <ietf@huelsing.net>, cfrg@irtf.org
References: <7C5502DA-0F6C-49CC-8D8A-5ED563109662@vigilsec.com> <7FEEF4D2-DCEB-47E4-9159-034BB5209844@vigilsec.com> <CAMm+LwhXHsnTitXAUZjBQ4BEtoWFk9DJ6gMEnTf-JQXya0s1Nw@mail.gmail.com> <20160127173529.GA8791@LK-Perkele-V2.elisa-laajakaista.fi> <D2CE6F5E.26147%uri@ll.mit.edu> <CAMm+LwiJ89gGSt7bntAOHNY9ef1kQMfgsDf6fvhruKqXwLipCQ@mail.gmail.com> <alpine.GSO.1.10.1601272219010.26829@multics.mit.edu> <56A9EA71.7070208@cs.tcd.ie> <CAMm+LwjFLQtePKKdLKWo6YqhDCCWDQcZfcFRGwTXWgk7mj6JyQ@mail.gmail.com> <56AA4616.5020108@huelsing.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56AA63B8.6080304@cs.tcd.ie>
Date: Thu, 28 Jan 2016 18:53:44 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <56AA4616.5020108@huelsing.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/5IN5o6Z2n7PuaUSaDUrmX9NkHjY>
Subject: Re: [Cfrg] New guidance from NSA on cryptographic algorithms
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
On 28/01/16 16:47, A. Huelsing wrote:
> So you would honestly want to sell privacy just because signatures and
> ciphertexts (for public key encryption) would slightly grow when using
> post-quantum crypto? 

Slightly grow seems somewhat optimistic, but who knows.

Anyway, no - nobody sensible would want to give up the benefits
of asymmetric crypto. However, it could be that we end up with
no choice, if PQ key establishment algorithms do not turn out
usable. I've no idea of the likelihood of that but investigating
how Kerberos-like solutions may look seems to me like a fine
thing to know about, just in case.

And who knows, but maybe there'd be ways to not have the KDCs
involved be operated by big business/big brother. Not that I
can think of any right now;-)

S.