Re: [CFRG] NSA vs. hybrid

Dan Brown <danibrown@blackberry.com> Mon, 06 December 2021 15:19 UTC

From: Dan Brown <danibrown@blackberry.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Mon, 06 Dec 2021 15:19:27 +0000
Message-ID: <8223d944172648d38426533b0da11325@blackberry.com>
References: <AB168E30-9398-426D-919A-8002110577F8@ll.mit.edu>
In-Reply-To: <AB168E30-9398-426D-919A-8002110577F8@ll.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/xLJzB7AZJqv23uu4rxTMER9tIp8>

> -----Original Message-----
> From: Blumenthal, Uri - 0553 - MITLL
> Sent: Saturday, December 4, 2021 8:45 PM
> ...
> My point is: we "should NOT have layered..." then, and we did not - as
> evidenced by pretty much all of the current IETF and proprietary (that I'm
> aware of) protocols.
> ...
> People who designed IPsec and TLS (presumably as smart and educated as
> we are) understood the concept of combining different algorithms as well as
> we do (it's hard not to, given its age).
> ...
> The common sense prevailed back then, and IMHO it would be better if it
> prevails now.

Not offering hybrid, say NTRU & ECC, in the past put us in this pickle now of 
the quantum computer attack risk.
Especially, all the forward secrecy obtained in the past from (EC)DHE is now 
in jeopardy (even for bug-free implementations).
Arguably, it was a smaller bug than others (using http not https, and 
non-forward-secure key exchange (RSA)).
Certainly, there are applications where the gains from hybrid are outweighed 
by the cost, but also applications where hybrid is worthwhile.
Hybrid ought to be an option, or IETF WGs should use a cost-benefit analysis per 
application; the CFRG could help there.
(Generally, let's learn from our mistakes. Besides, aren't some users 
naturally inclined to expect the Internet to maximally secure their data? ;)
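Added example, not code from Dan Brown's post or from any IETF draft: a concatenation-style hybrid key combiner that shows why the worry above about recorded (EC)DHE traffic does not carry over to a hybrid session. The DH group, the HKDF labels and the KEM secret are constructed stand-ins (the post-quantum half is modelled as a random 32-byte shared secret rather than a real NTRU exchange).

```python
import hashlib
import hmac
import os

# Toy group: p = 2^127 - 1 (a Mersenne prime), used only so the arithmetic
# runs; it stands in for the post's "ECC" (ECDHE) and offers no security.
P = 2**127 - 1
G = 5

def dh_keypair():
    priv = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def hkdf(ikm, info, length=32):
    # HKDF (RFC 5869) with SHA-256 and an all-zero salt.
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    t, okm, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:length]

def hybrid_key(ss_classical, ss_pq, transcript):
    # Concatenation combiner: both secrets enter one KDF call with the
    # transcript, so reproducing the key requires knowing both of them.
    return hkdf(ss_classical + ss_pq, b"hybrid kex|" + transcript)

def classical_only_key(ss_classical, transcript):
    return hkdf(ss_classical, b"ecdhe only|" + transcript)

def simulate_quantum_break():
    """One handshake, then an attacker who later recovers the DH secret."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    transcript = a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")
    ss_dh = dh_shared(a_priv, b_pub)
    ss_pq = os.urandom(32)  # stand-in for the NTRU (KEM) shared secret
    session_key = hybrid_key(ss_dh, ss_pq, transcript)
    # Recorded traffic plus a future quantum DLP solver hands the attacker
    # ss_dh but not ss_pq: the ECDHE-only key falls, the hybrid key does not.
    attacker_ss_dh = ss_dh
    peers_classical_key = classical_only_key(ss_dh, transcript)
    classical_broken = classical_only_key(attacker_ss_dh, transcript) == peers_classical_key
    hybrid_broken = hybrid_key(attacker_ss_dh, b"\x00" * 32, transcript) == session_key
    return classical_broken, hybrid_broken
```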
