Re: [Cfrg] A little room for AES-192 in TLS?

Taylor R Campbell <campbell+cfrg@mumble.net> Sun, 15 January 2017 20:59 UTC

Return-Path: <campbell@mumble.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F021296D8 for <cfrg@ietfa.amsl.com>; Sun, 15 Jan 2017 12:59:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.2
X-Spam-Level:
X-Spam-Status: No, score=-3.2 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OMCxzd8tWbSM for <cfrg@ietfa.amsl.com>; Sun, 15 Jan 2017 12:59:33 -0800 (PST)
Received: from jupiter.mumble.net (jupiter.mumble.net [74.50.56.165]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 195B0128AB0 for <cfrg@irtf.org>; Sun, 15 Jan 2017 12:59:32 -0800 (PST)
Received: by jupiter.mumble.net (Postfix, from userid 1014) id 853FB60A6D; Sun, 15 Jan 2017 20:59:26 +0000 (UTC)
From: Taylor R Campbell <campbell+cfrg@mumble.net>
To: Leonard den Ottolander <leonard-lists@den.ottolander.nl>
In-reply-to: <1484499428.5117.20.camel@quad> (leonard-lists@den.ottolander.nl)
Date: Sun, 15 Jan 2017 20:59:31 +0000
Sender: Taylor R Campbell <campbell@mumble.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170115205926.853FB60A6D@jupiter.mumble.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/dvp7nYFzWb4ffwFzyxgz3SuBstI>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] A little room for AES-192 in TLS?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2017 20:59:35 -0000

   Date: Sun, 15 Jan 2017 17:57:07 +0100
   From: Leonard den Ottolander <leonard-lists@den.ottolander.nl>

   I would say any encryption scheme worth its salt relies on resistance
   against any kind of attack. With its constant key regeneration TLS seems
   amongst the first use cases where related key attacks could be a
   concern. More so than in f.e. disk encryption.

Only very unusual protocols ever use related keys.  In sensible
protocols, every key is drawn independently uniformly at random.