Re: [Cfrg] New guidance from NSA on cryptographic algorithms
Mike Hamburg <mike@shiftleft.org> Thu, 28 January 2016 17:54 UTC
From: Mike Hamburg <mike@shiftleft.org>
In-Reply-To: <56AA4616.5020108@huelsing.net>
Date: Thu, 28 Jan 2016 09:54:45 -0800
Message-Id: <1BB06C1A-C48F-41DE-86A7-9EF636AF559A@shiftleft.org>
To: "A. Huelsing" <ietf@huelsing.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/o9YdAyeAfK85-hSds2kkfP17HPg>
Cc: cfrg@irtf.org
Sent from my phone. Please excuse brevity and typos.

> On Jan 28, 2016, at 08:47, A. Huelsing <ietf@huelsing.net> wrote:
>
>> On 01/28/16 16:04, Phillip Hallam-Baker wrote:
>> On Thu, Jan 28, 2016 at 5:16 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>>
>>>> On 28/01/16 03:25, Benjamin Kaduk wrote:
>>>> There is also the question of what the realm topology would look like -- in other contexts there was talk of a central "clearinghouse" realm that would share keys with anyone that asked, leaving trust decisions to the end parties. But that is not the only possible model...
>>>
>>> That topic ("realm topology"), including who trusts whom for what, might be a fine thing for a small group of folks to try sketch out in case we needed such. The content might be initial attempts to answer the question "what if we had to use Kerberos everywhere we now use (EC)DH or RSA key transport, what'd that look like at Internet scale?" That work might identify bits of work that could be taken up by the IETF kitten WG later on.
>>>
>>> Let us imagine that Alice has a shared secret with three distribution centers run by the likes of Comodo, Symantec, etc. that have been established in case of future need. There are 5 billion Internet users and approx 50% have that type of backup plan but no applications are going to use it at all until the need is proven.
>
> I am honestly slightly confused that this is truly considered a possible solution that needs analysis. A Kerberos-based web-security model would mean that the trusted third parties can listen to any "secured" communication between a user and a service. While this would already be possible in today's Web-PKI setting (which is horrible enough), the new issue is that no one could ever detect this attack in the new setting. This would be the de-facto abolishment of Internet privacy.
>
> So you would honestly want to sell privacy just because signatures and ciphertexts (for public key encryption) would slightly grow when using post-quantum crypto? (Compared to the increase in size of user data like an average Webpage over the last years the increase in size for pq-crypto is really small.)
>
> -- Andreas

This seems like it would only be useful in the event that PQ public key encryption turns out to be infeasible, or if we can't find a scheme we trust. Remember, we're very confident that hash-based signatures are PQ-secure, but not quite as much about the encryption or key exchange options.

-- Mike
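The architectural point Andreas raises, that a KDC which mints session keys can passively read traffic while a CA that only certifies public values cannot, is shown below as an added toy simulation; it is not code from the thread or from any real Kerberos or PKI implementation. The stream cipher, the 127-bit DH group, and the `*_records` lists standing in for what the third party retains are all constructed for illustration.

```python
"""Toy models of the two trust architectures argued over in the thread:
a Kerberos-style KDC that mints session keys versus a CA-style model
where the third party only vouches for identity and the key comes from
an ephemeral DH exchange. Constructed for illustration, not real crypto."""
import hashlib
import secrets

P = (1 << 127) - 1   # toy DH modulus (constructed; far too small for real use)
G = 3


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream standing in for a real AEAD."""
    blocks = len(data) // 32 + 1
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))


def kdc_exchange(msg: bytes, kdc_records: list) -> bytes:
    """Kerberos-style: the KDC chooses the session key and wraps it under each
    party's long-term key. It must know the key, so its records keep it."""
    k_alice, k_bob = secrets.token_bytes(32), secrets.token_bytes(32)
    session_key = secrets.token_bytes(32)
    kdc_records.append(session_key)       # what a compelled or breached KDC holds
    ticket_a = stream_xor(k_alice, session_key)
    ticket_b = stream_xor(k_bob, session_key)
    assert stream_xor(k_alice, ticket_a) == stream_xor(k_bob, ticket_b)
    return stream_xor(stream_xor(k_alice, ticket_a), msg)   # Alice -> Bob


def kdc_observer_decrypt(ciphertext: bytes, kdc_records: list) -> bytes:
    """A passive party holding only the KDC's records reads the traffic; nothing
    on the wire differs from a normal session, so the endpoints cannot notice."""
    return stream_xor(kdc_records[-1], ciphertext)


def dh_exchange(msg: bytes, ca_records: list) -> tuple:
    """CA-style: the third party only certifies public values; the session key
    is derived from an ephemeral DH exchange it never takes part in."""
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    ca_records.append((pub_a, pub_b))     # the most a CA could ever log
    shared = pow(pub_b, a, P)
    assert shared == pow(pub_a, b, P)
    session_key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return stream_xor(session_key, msg), session_key
```

In the KDC model the observer's records alone decrypt the ciphertext; in the DH model the records contain only public group elements, so reading the traffic would require the CA to actively substitute keys, which is the detectable misbehaviour Andreas contrasts it with.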