Re: [kitten] New EncTypes?

Viktor Dukhovni <viktor1dane@dukhovni.org> Fri, 20 November 2015 06:24 UTC

Date: Fri, 20 Nov 2015 06:24:03 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: kitten@ietf.org
Message-ID: <20151120062402.GJ18315@mournblade.imrryr.org>
References: <FEF7E228-3AF4-4D12-B4B0-CFB935B5ABB5@oxy.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <FEF7E228-3AF4-4D12-B4B0-CFB935B5ABB5@oxy.edu>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/w3sULZdVFIrxRkypD5_jp0UHFMg>
Subject: Re: [kitten] New EncTypes?

On Wed, Nov 18, 2015 at 04:20:41PM -0800, Henry B (Hank) Hotz, CISSP wrote:

> It seems to be time to do housecleaning on algorithms selections. Is anyone
> interested in adding a new enctype to Kerberos?

Yes, but see below.

> Why (else)?  Speaking strictly for myself, I'd like to see a
> mandatory-to-implement enctype that shares *nothing* with the current
> aes-sha1-hmac stuff. I'm speaking purely strategically and not from any
> mathematical suspicion of weakness. If someone discovers something
> fundamentally wrong with the math behind SHA1 or AES, then it might take
> out SHA2 or Camellia as well.

Sharing nothing is much too radical, unlikely to get much adoption.
There is too much momentum behind AES (hardware support in modern
CPUs, ...) and no substantive evidence of any real concerns (beyond
the long-understood timing side-channel issues with naive software-only
implementations).

> Just to throw some straw (just straw, not an actual strawman) on the table,
> how about something that uses one of the European stream cipher finalists
> with SHA-3?

As a backup, sure, but SHA-3 is quite slow, and has no hardware
support.  The throughput of GSSAPI wrap is largely dominated by SHA-1
performance these days.  We'd be much better off with OCB, or
another AEAD mode.

And we could use an updated set of AES enctypes, before jumping to
more exotic stream ciphers.

-- 
	Viktor.
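The cost comparison in the reply above, as an added example that is not part of the thread and not code from any Kerberos implementation: a generic encrypt-then-MAC construction (AES-128-CBC with PKCS#7 padding, then HMAC-SHA1 over IV and ciphertext, which is not the RFC 3962 enctype profile, only the same shape of work) next to an AEAD mode. Go's standard library ships AES-GCM but not OCB, so GCM stands in for the AEAD side. Keys, message and iteration counts are constructed test values. The encrypt-then-MAC path walks the data twice (cipher, then SHA-1), the AEAD path once, and the timing helper makes that difference visible on a real CPU.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"fmt"
	"time"
)

// SealCBCHMAC: AES-128-CBC (PKCS#7 padded), then HMAC-SHA1 over iv||ct. Layout: iv(16) || ct || tag(20).
func SealCBCHMAC(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	rand.Read(iv) // fresh random IV; crypto/rand.Read is documented never to fail as of Go 1.24
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	buf := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf) // first pass: encrypt in place
	out := append(iv, buf...)
	mac := hmac.New(sha1.New, macKey) // second pass over the same bytes: the separate SHA-1 cost
	mac.Write(out)
	return mac.Sum(out), nil
}

// OpenCBCHMAC verifies the tag in constant time before decrypting, then checks the padding.
func OpenCBCHMAC(encKey, macKey, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	ctLen := len(sealed) - aes.BlockSize - sha1.Size
	if err != nil || ctLen <= 0 || ctLen%aes.BlockSize != 0 {
		return nil, errors.New("bad key or length")
	}
	body, tag := sealed[:len(sealed)-sha1.Size], sealed[len(sealed)-sha1.Size:]
	mac := hmac.New(sha1.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	pt := make([]byte, ctLen)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	pad := int(pt[ctLen-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[ctLen-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return pt[:ctLen-pad], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealGCM: AES-128-GCM, an AEAD mode that encrypts and authenticates in one pass. Layout: nonce(12) || ct || tag(16).
func SealGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // random 96-bit nonce; a nonce must never repeat under the same key
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenGCM rejects any modified byte (ciphertext, nonce or tag) before returning plaintext.
func OpenGCM(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("bad length")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// MBps times n calls of seal over a size-byte message and returns throughput in MB/s.
func MBps(n, size int, seal func(msg []byte)) float64 {
	msg := make([]byte, size)
	t := time.Now()
	for i := 0; i < n; i++ {
		seal(msg)
	}
	return float64(n*size) / (1 << 20) / time.Since(t).Seconds()
}

func main() {
	key, macKey := bytes.Repeat([]byte{0x42}, 16), bytes.Repeat([]byte{0x24}, 16) // constructed test keys
	fmt.Printf("AES-128-CBC+HMAC-SHA1: %.0f MB/s\n", MBps(200, 64<<10, func(m []byte) { SealCBCHMAC(key, macKey, m) }))
	fmt.Printf("AES-128-GCM:           %.0f MB/s\n", MBps(200, 64<<10, func(m []byte) { SealGCM(key, m) }))
}
```

`go run` prints both figures; the absolute numbers depend on whether the CPU has AES-NI and carry-less multiply, which is exactly the hardware-support argument made above. Both Open functions fail closed on any bit flip, and the CBC variant checks the tag before it touches the padding, so a padding error is never observable on authenticated input.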