Re: [kitten] draft-kaduk-kitten-des-des-des-die-die-die-01.txt

tom p. <daedulus@btconnect.com> Fri, 07 April 2017 16:36 UTC

From: "tom p." <daedulus@btconnect.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: kitten@ietf.org
Date: Fri, 07 Apr 2017 17:31:48 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/ApTBigNDyFxwuY8NmA3Dyv9The0>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

----- Original Message -----
From: "Benjamin Kaduk" <kaduk@mit.edu>
To: "tom p." <daedulus@btconnect.com>
Cc: <kitten@ietf.org>
Sent: Wednesday, April 05, 2017 4:53 PM
> On Wed, Apr 05, 2017 at 04:43:46PM +0100, tom p. wrote:
> > From the title, I was expecting an equivalent to RFC7465 but that is not
> > what this is; I think it should be.  Which WG is best placed to do this,
> > I am easy about.
>
> I'm not sure I understand the question.  You are interested in
> prohibiting triple-DES cipher suites from use in TLS?  That would
> best be done in the TLS WG.
>
> This draft was given its name as a homage to RFC 6649, which AFAIK
> was the first document to use that construction.

Ah, I am not as well informed as you.  I first came across the name of
that form with RFC7465 and assumed that that was the one you were
following.

Having read RFC6649, I still think that RFC7465 is the way to do it.
The Abstract of that RFC gives me very clear guidance as to what to do.
This I-D I find less clear:
"The 3DES and RC4 encryption types are steadily weakening in
   cryptographic strength ..."
leaves me wondering; would a dose of iron or vitamins restore their
strength?  Well, no:-) but I want clear guidance, not the evidence from
which I have to work out my own conclusions.

RFC7465 - wisely - avoids the word 'deprecate'; it tells users what to
do, what the advice of those more expert in the field is.  I have seen
discussions on several lists as to what the word 'deprecate' means, with
no consensus, no definition.  We do now have a definition in
leiba-cotton- -5226bis and since you are proposing to update IANA, then
that is the definition you are going to get, like it or lump it, so if
that is what you mean, you should have that as a Normative Reference; if
not, then I think that you should avoid the word 'deprecate' as RFC7465
does.

Tom Petch

> -Ben