Re: [Cfrg] [TLS] 3DES diediedie

Ilari Liusvaara <> Thu, 08 September 2016 16:38 UTC

Date: Thu, 8 Sep 2016 19:38:29 +0300
From: Ilari Liusvaara <>
To: Derek Atkins <>
Cc: Hilarie Orman <>, "" <>, Joachim Strömbergson <>

On Thu, Sep 08, 2016 at 11:18:47AM -0400, Derek Atkins wrote:
> My light bulb example that I keep returning to is really only designed
> to speak to the local controller(s).  They don't phone home.  Sure, they
> may have IPv6, and may be running (D)TLS, but their use case is rather
> limited.  They probably don't have a full OS, just an embedded
> firmware.
>
> So why does this device need the same level of security protection that I
> need when I'm communicating with my bank?  Wouldn't you rather it have a
> lower bar (e.g. 3DES) versus have zero security?  Honestly, that's the
> fight I'm fighting here with manufacturers.  They say encryption is too
> expensive, so they would rather do nothing.  I'm trying to give them
> something, anything, to get the bar raised.  Even single DES is better
> than nothing (although if they can do 1DES they can do 3DES).

Because having the "lower bar", especially with "standard" protocols,
lowers security FOR EVERYONE ELSE. Witness the long litany of attacks
against TLS that exploit stuff that should have been nuked a long time
ago (but was kept for "compatibility"; and similarly for other protocols).

(And the bad crypto is just the tip of the iceberg when it comes to the
insecurity of IoT stuff, and the reasons why I really don't want to
deal with any IoT devices if I can help it at all).
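The practical consequence of the argument above, for anyone operating a TLS endpoint rather than building a light bulb, is to verify that a configuration does not merely prefer modern suites but actually refuses to negotiate 3DES at all. The following is an added example, not code from either participant in this thread: it uses Python's standard `ssl` module to expand an OpenSSL-style cipher string into the concrete suites it would allow and reports any 3DES-based ones (OpenSSL names them `DES-CBC3-*`). The helper names and the sample cipher strings are my own choices; which suites appear for a given string depends on the OpenSSL build Python is linked against.

```python
import ssl

# Hypothetical helper (added example): expand a cipher string the way the
# TLS library would and return the suite names a server could negotiate.
# Returns [] if the string matches nothing at all (OpenSSL then raises).
def suites_for(cipher_string):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers()]


# Any suite whose OpenSSL name contains "DES" is single DES or 3DES.
# TLS 1.3 defines no 3DES suite, so only TLS 1.2-and-below suites can match.
def legacy_des_suites(cipher_string):
    return [name for name in suites_for(cipher_string) if "DES" in name]


# A configuration passes only if it still negotiates something (otherwise the
# server is simply down) and none of it is DES-based.
def is_hardened(cipher_string):
    allowed = suites_for(cipher_string)
    return bool(allowed) and not any("DES" in name for name in allowed)


if __name__ == "__main__":
    # Constructed sample strings: one permissive, one explicitly excluding 3DES.
    for spec in ("ALL:!aNULL", "HIGH:!aNULL:!3DES", "ECDHE+AESGCM:ECDHE+CHACHA20"):
        print(f"{spec!r}: hardened={is_hardened(spec)} "
              f"des_suites={legacy_des_suites(spec)}")
```

The point of checking the expanded list rather than the string itself is that cipher-string keywords such as `HIGH` have shifted meaning across library versions; an explicit `!3DES` (or an allow-list of the suites you actually want) is what makes the exclusion hold regardless of the build.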