Re: [Cfrg] [TLS] 3DES diediedie
Ira McDonald <blueroofmusic@gmail.com> Tue, 06 September 2016 23:37 UTC
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AA0A12B03A for <cfrg@ietfa.amsl.com>; Tue, 6 Sep 2016 16:37:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hqp9EoJUteAu for <cfrg@ietfa.amsl.com>; Tue, 6 Sep 2016 16:37:15 -0700 (PDT)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D79BD12B28F for <cfrg@irtf.org>; Tue, 6 Sep 2016 16:37:10 -0700 (PDT)
Received: by mail-oi0-x233.google.com with SMTP id y2so102431530oie.0 for <cfrg@irtf.org>; Tue, 06 Sep 2016 16:37:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=j0mhlXQj8HJvf5ul/6u/x6/NBkB7UvOqSgXc06+qR8k=; b=OyOfj05pi4K4JlfX01DgSnWu5I9+Cqv515d74s5yp1Ol3vKBfk9AUYk5RGHJVFz89M 55NpRoJxHjUI3yDADTdcLAtRGTFOeJBKkzTLRaGA0zMkZS4CZFN1vvj24eXaSWFfWJIQ doYUjgAfJSdEI2RMZx/1hX7bpcioZGPBZDXxF0hMPDq2IHQwB0eeyEU5Y7fxNFr7yKaF eLWerAjssCtTYK+JbPGrgb6RZbpPKwZG2CmhQSPegPiankv8nmrLTUwO+GUinjUXHIkz mxLT8pJYXLuBLm9vYEAg4mUAkCtMG5IdnuS2v6i461RQAIJo+hg7GR9aLpnwnIvC6jm5 fc4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=j0mhlXQj8HJvf5ul/6u/x6/NBkB7UvOqSgXc06+qR8k=; b=RYjSCvM6fzrzNF/JgdlULSFOuvDZxRTRHZltlyTe3JlwN8gpY1qWzWUG/fHP9lAeO5 +a6c8axBFmjzLAFfVipVZ2k9wyfEuXfT4nwas7lHLNL0RZtuGy1/nuzfVlyBRqljHpZE 1hANdqvBlblbPqF9Rl0LccPsDAYRfzXs6Yjlo6l3/iR/UC966qDQaOGbZQmh/z5AvLyJ Blb46mPuGiRFyKzSgbz9gWibHWibvL8Dk9QUfxJ555wTq0/Jby9gKre9ki1va70UauYH ZOPiJ4SWKcgpHkKfMg8Rpd0DVn2ON3AIKygrnMnaKvd9KohlpKkmNifXn7PijZrnTdkE 3Yvw==
X-Gm-Message-State: AE9vXwNSvp9bG/qd1k4RHVzNwLYqBwEID3TRmPXdw7lIkebQl5eD/5Pp9l6d0TZzyMVtf5ZdVlYBicQV/RtOLA==
X-Received: by 10.36.60.131 with SMTP id m125mr2063819ita.4.1473205030237; Tue, 06 Sep 2016 16:37:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.11.67 with HTTP; Tue, 6 Sep 2016 16:36:49 -0700 (PDT)
In-Reply-To: <d1b84ec2-5b02-b285-8304-e3b393d9ee4a@cs.tcd.ie>
References: <20160906114030.18292816.41703.89024@ll.mit.edu> <57CEAE6F.1040608@secworks.se> <sjmeg4wvjut.fsf@securerf.ihtfp.org> <d1b84ec2-5b02-b285-8304-e3b393d9ee4a@cs.tcd.ie>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Tue, 06 Sep 2016 19:36:49 -0400
Message-ID: <CAN40gSv3dOENg_fh-4OFgJ72UFNNX9rr=v2HtoiNaLDMwh21NA@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Ira McDonald <blueroofmusic@gmail.com>
Content-Type: multipart/alternative; boundary="001a114aa2f682396f053bdf463c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/6mWo5-2fj61XXZQMm-qvL9WG_1U>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Joachim Strömbergson <joachim@secworks.se>, Hilarie Orman <hilarie@purplestreak.com>
Subject: Re: [Cfrg] [TLS] 3DES diediedie
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2016 23:37:18 -0000
Hi, I'm usually immediately corrected. But I wanted to observe that, after my recent years working in the auto security area, there are extreme cost constraints (and power constraints) on CPUs in small sensors and smaller auto ECUs. Cents matter. Dollars are out-of-the-question. Auto product development and ISO26262 safety validation cycles mean that today's new project will be fielded in three to five years. FWIW, US NIST is sufficiently concerned about their perception of the need for lightweight crypto to have created a Lightweight Crypto project that will select multiple algorithms based on an open process. They are currently building on previous work in ITU-T and ISO. They recently issued this draft report (in public review until October 31st): http://csrc.nist.gov/publications/drafts/nistir-8114/nistir_8114_draft.pdf One could argue "well then they won't use TLS", which may be true, but's it's a dangerous path IMHO. Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic http://sites.google.com/site/highnorthinc mailto: blueroofmusic@gmail.com Jan-April: 579 Park Place Saline, MI 48176 734-944-0094 May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434 On Tue, Sep 6, 2016 at 5:23 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hi Derek, > > On 06/09/16 21:44, Derek Atkins wrote: > > I'm afraid I have to disagree here. What's it's done is pushed > > yesterday's computation capabilities into smaller and smaller devices, > > lower and lower on the food chain. C.f. my previous email about a light > > bulb. Cost is definitely a concern, as well as power and performance. > > I think that's true but not the entire story. > > Another part of the trade off is that any device that > connects to the Internet and runs s/w is potentially > vulnerable and usable to attack the network. > > So we're not only talking about security/crypto to > protect someone's choice of what colour a bulb appears, > but rather we're very often talking about the protection > of a small computer on the network, and of the security > of the network as a whole. > > That last I think argues strongly for support for > sufficiently good crypto everywhere. And I'm not sure > what sufficiently good options exist that are notably > lighter weight than AES. (And if one does support good > crypto then there seems less reason to use less good > crypto for some functions.) > > Note that I'm arguing against weaker crypto or crypto > of unknown or possibly-problematic provenance here. So > I'm not arguing for HW-AES-everywhere. But it is also > true that AES-everywhere would avoid this significant > problem. > > That said, I do realise that this is not a winning > argument as people will develop feature-rich devices > with crap security and there's no device-police to stop > them, but we (as in cfrg) should really also bear in > mind that any weaker crypto anywhere has significant > downsides as many devices really do need what we currently > consider strong crypto because they connect to the > Internet and may not get any updated s/w for quite some > time. > > So... it's tricky - I think we know what's right but we > also know that that's not what "the market" is going > to produce;-) > > S. > > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg > >
- Re: [Cfrg] [TLS] 3DES diediedie Viktor Dukhovni
- [Cfrg] 3DES diediedie Tony Arcieri
- Re: [Cfrg] 3DES diediedie Benjamin Kaduk
- Re: [Cfrg] 3DES diediedie Tony Arcieri
- Re: [Cfrg] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie John Mattsson
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
- Re: [Cfrg] [TLS] 3DES diediedie david wong
- Re: [Cfrg] [TLS] 3DES diediedie Eric Rescorla
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
- Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [SSH] [TLS] 3DES diediedie denis bider (Bitvise)
- Re: [Cfrg] 3DES diediedie Geoffrey Keating
- Re: [Cfrg] [SSH] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [SSH] [TLS] 3DES diediedie David Jacobson
- Re: [Cfrg] [TLS] 3DES diediedie Dmitry Belyavsky
- Re: [Cfrg] [TLS] 3DES diediedie Stanislav V. Smyshlyaev
- Re: [Cfrg] [TLS] 3DES diediedie Hanno Böck
- Re: [Cfrg] [TLS] 3DES diediedie Иван Лавриков
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] [TLS] 3DES diediedie Watson Ladd
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] [TLS] 3DES diediedie Karthikeyan Bhargavan
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] 3DES diediedie John Mattsson
- [Cfrg] (confusing the issues) Re: [TLS] 3DES died… Rene Struik
- Re: [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] (confusing the issues) Re: 3DES … Dave Garrett
- Re: [Cfrg] 3DES diediedie Jon Callas
- Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Jon Callas
- Re: [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Rene Struik
- Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Greg Rose
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] 3DES diediedie Derek Atkins
- Re: [Cfrg] 3DES diediedie Hilarie Orman
- Re: [Cfrg] [TLS] 3DES diediedie Brian Sniffen
- Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
- Re: [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
- Re: [Cfrg] [TLS] 3DES diediedie Richard Hartmann
- Re: [Cfrg] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
- Re: [Cfrg] [TLS] 3DES diediedie Ben Laurie
- Re: [Cfrg] [TLS] 3DES diediedie Ben Laurie
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Salz, Rich
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Watson Ladd
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Dave Garrett
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Philip Levis
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Richard Hartmann
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Salz, Rich
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] 3DES diediedie Yoav Nir
- Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
- Re: [Cfrg] [TLS] 3DES diediedie denis bider (Bitvise)