Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Yoav Nir <ynir.ietf@gmail.com> Tue, 25 August 2015 22:04 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <55DC961A.903@cs.tcd.ie>
Date: Wed, 26 Aug 2015 01:04:32 +0300
Message-Id: <A25C2C97-2C03-459C-8167-475B85731D97@gmail.com>
References: <20150728013020.GO4347@mournblade.imrryr.org> <DM2PR0301MB0655CF099FA7C56E9B9D24A9A88D0@DM2PR0301MB0655.namprd03.prod.outlook.com> <20150728053035.GR4347@mournblade.imrryr.org> <CAHbuEH7B3_G9vAhw=U2tuz-Uh8mKMUfL6s=H+BOG96FDZaACig@mail.gmail.com> <20150824212907.GN9021@mournblade.imrryr.org> <619ffebb05ba4e2a9af03a6dcc768d6e@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150824215037.GO9021@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4AE62A1@uxcn10-5.UoA.auckland.ac.nz> <20150825134333.GX9021@mournblade.imrryr.org> <6b5167f3d0684a8a91caa6d37dec65e3@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150825160627.GH9021@mournblade.imrryr.org> <55DC961A.903@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/2KBNoZa5twgV52rx_v4ptqwbM58>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06

> On Aug 25, 2015, at 7:21 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Viktor,
> 
> (Here we are back at this argument again:-)
> 
> On 25/08/15 17:06, Viktor Dukhovni wrote:
>> In any case, whether it is RC4 now, or some other deprecated
>> ciphersuite in the future, with opportunistic security one needs to
>> pay more attention to what interoperates than what is unequivocally
>> strong.  The goal is as much security as can be realistically had,
>> not "all or nothing".  I like to make an analogy with vaccination,
>> we're protecting the infrastructure as a whole, rather than guaranteed
>> security for a particular flow.
> 
> Do you agree though that there are at least two points in time
> involved when considering weakened or suspect ciphers?
> 
> There is the time you're discussing of when the bad algorithm
> can be turned off without damaging interop of ciphertext form
> packets.
> 
> But there is also the time after which one considers that all
> such ciphertext will in a short while be almost the same as
> plaintext for a capable attacker.

It depends on what that capable attacker is trying to do. If this adversary is attacking *your* communications, you’re right. If the adversary is attempting pervasive monitoring, this stage almost never comes. If every TCP connection today were encrypted with DES, a capable attacker could decrypt any connection but not every connection. They couldn’t even decrypt 1% of all connections. So against an adversary engaging in pervasive monitoring, even single DES is significantly better than cleartext.

Yoav