IETF Logo Mail Archive

[kitten] New EncTypes?

"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> Thu, 19 November 2015 00:20 UTC

Return-Path: <hbhotz@oxy.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B14B81B3992 for <kitten@ietfa.amsl.com>; Wed, 18 Nov 2015 16:20:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Level:
X-Spam-Status: No, score=0.1 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gb49Do0D2xPi for <kitten@ietfa.amsl.com>; Wed, 18 Nov 2015 16:20:48 -0800 (PST)
Received: from mailout.easymail.ca (mailout.easymail.ca [64.68.201.169]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A479F1B3544 for <kitten@ietf.org>; Wed, 18 Nov 2015 16:20:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 1F752E675 for <kitten@ietf.org>; Wed, 18 Nov 2015 19:20:45 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at mailout.easymail.ca
Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (easymail-mailout.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s57DtOlqZFuj for <kitten@ietf.org>; Wed, 18 Nov 2015 19:20:42 -0500 (EST)
Received: from [192.168.1.180] (wsip-174-76-19-88.oc.oc.cox.net [174.76.19.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 5A6A3E5D9 for <kitten@ietf.org>; Wed, 18 Nov 2015 19:20:42 -0500 (EST)
From: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <FEF7E228-3AF4-4D12-B4B0-CFB935B5ABB5@oxy.edu>
Date: Wed, 18 Nov 2015 16:20:41 -0800
To: "kitten@ietf.org <kitten@ietf.org>" <kitten@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/JEssJLpEvgv3xFczKYpHgPQMIc8>
Subject: [kitten] New EncTypes?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Nov 2015 00:20:49 -0000

It seems to be time to do housecleaning on algorithms selections. Is anyone interested in adding a new enctype to Kerberos?

Why (else)?  Speaking strictly for myself, I’d like to see a mandatory-to-implement enctype that shares *nothing* with the current aes-sha1-hmac stuff. I’m speaking purely strategically and not from any mathematical suspicion of weakness. If someone discovers something fundamentally wrong with the math behind SHA1 or AES, then it might take out SHA2 or Camellia as well.

I have nothing specific against the “suite-B” proposal, but they’re not what I’d like to see. I assume the NSA is too busy riding the “post quantum” horse away from their DRBG fiasco to help finish it.

Just to throw some straw (just straw, not an actual strawman) on the table, how about something that uses one of the European stream cipher finalists with SHA-3?

--------

Finally, is anyone interested in doing a die-die-die draft for triple-des, or rc4?


Personal:  hbhotz@oxy.edu
Business: hhotz@securechannels.com

v2.23.0 | Report a Bug | By Email