Re: [Cfrg] My comments on TLS requirements from today's interim

Yoav Nir <ynir.ietf@gmail.com> Tue, 01 July 2014 17:27 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <53B2E0B4.9090908@brainhub.org>
Date: Tue, 01 Jul 2014 20:27:44 +0300
Message-Id: <7D01DC81-C422-456C-ACD7-63D2DB66BCB8@gmail.com>
References: <CABcZeBOMUw5fv--ar=r+5KL76UKz7NDU2M=aEYomjfMjSy+Fog@mail.gmail.com> <53B25D54.5080003@brainhub.org> <FB5F9D06-C183-4284-9AAD-B189CDCEC2D8@vpnc.org> <53B2E0B4.9090908@brainhub.org>
To: Andrey Jivsov <crypto@brainhub.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/nK9TxnIRcD2xPjA2dyUC8t40MAM
Cc: cfrg@irtf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Cfrg] My comments on TLS requirements from today's interim

On Jul 1, 2014, at 7:24 PM, Andrey Jivsov <crypto@brainhub.org> wrote:

> On 07/01/2014 06:16 AM, Paul Hoffman wrote:
>> Trying to predict what NIST will do with FIPS-140 certification is silly. Even they don't know from year to year. The NIST of today is not the NIST of 14 months ago; it is likely that there will be other major shifts in NIST's view of itself and what it has to do to stay relevant.
> 
> You might be surprised that there are many product managers building secure products today who have never heard of Curve25519 and think that it is silly to even consider any crypto outside of NIST.

It certainly makes sense for anyone who plans on selling anything to US government agencies or state and local government bodies in the US. They will have the NIST algorithms. So there’s AES and SHA-whatever, and P-256. 

But look at browsers. The four most popular are made by US-based companies. And yet they all support non-NIST-approved algorithms in TLS, in addition to NIST-approved algorithms. Currently not EC curves, but at least the people who work for these vendors and participate here and on the TLS list are among those interested. 

IPsec is somewhat less diverse, but there’s plenty of CAST and Camellia and IDEA and Blowfish and MD5 and Tiger there as well. There’s Camellia at least in SSH as well.

If Curve25519 allowed me to publish a higher figure for “Main Modes per second” or “full TLS handshakes per second”, I would implement it without thinking twice, making sure to disable it in the special “FIPS mode”.

Yoav