Re: [Cfrg] [TLS] 3DES diediedie

Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 08 September 2016 16:38 UTC

Date: Thu, 08 Sep 2016 19:38:29 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Derek Atkins <derek@ihtfp.com>
Message-ID: <20160908163829.62d7xqz3yxubuy4a@LK-Perkele-V2.elisa-laajakaista.fi>
References: <20160906114030.18292816.41703.89024@ll.mit.edu> <57CEAE6F.1040608@secworks.se> <sjmeg4wvjut.fsf@securerf.ihtfp.org> <d1b84ec2-5b02-b285-8304-e3b393d9ee4a@cs.tcd.ie> <sjm8tv3vkzs.fsf@securerf.ihtfp.org> <a69a0ee2-c101-54ac-ed72-a23b05925e3b@cs.tcd.ie> <sjmvay6to6g.fsf@securerf.ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <sjmvay6to6g.fsf@securerf.ihtfp.org>
User-Agent: NeoMutt/ (1.7.0)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/j5BwPVdLAFrICxDo8kWzDoASDoA>
Cc: Hilarie Orman <hilarie@purplestreak.com>, "cfrg@irtf.org" <cfrg@irtf.org>, Joachim Strömbergson <joachim@secworks.se>
Subject: Re: [Cfrg] [TLS] 3DES diediedie
Precedence: list

On Thu, Sep 08, 2016 at 11:18:47AM -0400, Derek Atkins wrote:
> 
> My light bulb example that I keep returning to are really only designed
> to speak to the local controller(s).  They don't phone home.  Sure, they
> may have IPv6, and may be running (D)TLS, but their use case is rather
> limited.  They probably don't have a full OS, just an embedded
> firmware.
> 
> So why does this device need to same level of security protection that I
> need when I'm communicating with my bank?  Wouldn't you rather it have a
> lower bar (e.g. 3DES) versus have zero security?  Honestly, that's the
> fight I'm fighting here with manufacturers.  They say encryption is too
> expensive, so they would rather do nothing.  I'm trying to give them
> something, anything, to get the bar raised.  Even single DES is better
> than nothing (although if they can do 1DES they can do 3DES).

Because having the "lower bar", especially with "standard" protocols
lowers security FOR EVERYONE ELSE. Whitness the long litany of attacks
against TLS that exploit stuff that should have been nuked a long time
ago (but was kept for "compatiblity"; and similarly for other protocols).

(And the bad crypto is just a tip of the iceberg when it comes to the
insecurity of IoT stuff, and the reasons why I really don't want to
deal with any IoT devices if I can help it at all).

-Ilari

Re: [Cfrg] [TLS] 3DES diediedie Viktor Dukhovni
[Cfrg] 3DES diediedie Tony Arcieri
Re: [Cfrg] 3DES diediedie Benjamin Kaduk
Re: [Cfrg] 3DES diediedie Tony Arcieri
Re: [Cfrg] 3DES diediedie Tony Arcieri
Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
Re: [Cfrg] [TLS] 3DES diediedie John Mattsson
Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
Re: [Cfrg] [TLS] 3DES diediedie david wong
Re: [Cfrg] [TLS] 3DES diediedie Eric Rescorla
Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
Re: [Cfrg] [SSH] [TLS] 3DES diediedie denis bider (Bitvise)
Re: [Cfrg] 3DES diediedie Geoffrey Keating
Re: [Cfrg] [SSH] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
Re: [Cfrg] [SSH] [TLS] 3DES diediedie David Jacobson
Re: [Cfrg] [TLS] 3DES diediedie Dmitry Belyavsky
Re: [Cfrg] [TLS] 3DES diediedie Stanislav V. Smyshlyaev
Re: [Cfrg] [TLS] 3DES diediedie Hanno Böck
Re: [Cfrg] [TLS] 3DES diediedie Иван Лавриков
Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
Re: [Cfrg] [TLS] 3DES diediedie Watson Ladd
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] 3DES diediedie Peter Gutmann
Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
Re: [Cfrg] [TLS] 3DES diediedie Karthikeyan Bhargavan
Re: [Cfrg] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] 3DES diediedie John Mattsson
[Cfrg] (confusing the issues) Re: [TLS] 3DES died… Rene Struik
Re: [Cfrg] 3DES diediedie Ilari Liusvaara
Re: [Cfrg] [TLS] (confusing the issues) Re: 3DES … Dave Garrett
Re: [Cfrg] 3DES diediedie Jon Callas
Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Jon Callas
Re: [Cfrg] 3DES diediedie Steven M. Bellovin
Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Rene Struik
Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Greg Rose
Re: [Cfrg] 3DES diediedie Peter Gutmann
Re: [Cfrg] 3DES diediedie Peter Gutmann
Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
Re: [Cfrg] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
Re: [Cfrg] 3DES diediedie Derek Atkins
Re: [Cfrg] 3DES diediedie Hilarie Orman
Re: [Cfrg] [TLS] 3DES diediedie Brian Sniffen
Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
Re: [Cfrg] 3DES diediedie Steven M. Bellovin
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
Re: [Cfrg] [TLS] 3DES diediedie Richard Hartmann
Re: [Cfrg] 3DES diediedie Derek Atkins
Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
Re: [Cfrg] [TLS] 3DES diediedie Ben Laurie
Re: [Cfrg] [TLS] 3DES diediedie Ben Laurie
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
Re: [Cfrg] [TLS] 3DES diediedie Salz, Rich
Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
Re: [Cfrg] [TLS] 3DES diediedie Watson Ladd
Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
Re: [Cfrg] [TLS] 3DES diediedie Dave Garrett
Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
Re: [Cfrg] [TLS] 3DES diediedie Philip Levis
Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
Re: [Cfrg] [TLS] 3DES diediedie Richard Hartmann
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Salz, Rich
Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
Re: [Cfrg] [TLS] 3DES diediedie Yoav Nir
Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
Re: [Cfrg] [TLS] 3DES diediedie denis bider (Bitvise)