Re: [saag] A case against algorithm agility (long)

ianG <iang@iang.org> Mon, 05 May 2014 17:27 UTC

Message-ID: <5367C9DC.10009@iang.org>
Date: Mon, 05 May 2014 18:26:52 +0100
From: ianG <iang@iang.org>
To: Nico Williams <nico@cryptonector.com>
References: <53650F27.6040607@iang.org> <CAK3OfOhGCKPrYzhC46EVAnro6_FEsNVt16Gzx3Ds3zfR2wznOA@mail.gmail.com>
In-Reply-To: <CAK3OfOhGCKPrYzhC46EVAnro6_FEsNVt16Gzx3Ds3zfR2wznOA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/56nglygeKw_EyueaaeUH_mFugus
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] A case against algorithm agility (long)

On 5/05/2014 16:15 pm, Nico Williams wrote:
> On Sat, May 3, 2014 at 10:45 AM, ianG <iang@iang.org> wrote:

> I also agree that cipher and cipher mode MUST be negotiated as
> registered pairs, not a la carte.  This is pretty clear, and I don't
> know anyone who is arguing otherwise.


Meet the draft:

https://datatracker.ietf.org/doc/draft-iab-crypto-alg-agility/?include_text=1

Especially 2.1:

   Some approaches carry one identifier for each algorithm that is used.
   Other approaches carry one identifier for a suite of algorithms.
   Either approach is acceptable; however, designers are encouraged to
   pick one of these approaches and use it consistently throughout the
   protocol.

Before we go further, can we just agree on what the above says, and what
the draft implies?

I think it says that "a la carte" is acceptable, to use your term.

...

> Nonsense.  The CBC IV chaining bugs were exploited against SSHv2.  We
> were very glad back then to have deployed AES in counter mode as that
> saved our butts.


Any reference to that?



iang
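An added illustration of the two negotiation styles that section 2.1 of the draft permits; this is example code, not from the thread, the draft, or any implementation. The suite table, the client and server offers, and the SSH-style identifiers are constructed for the example. It negotiates once with one identifier per registered (cipher, mode) pair and once "a la carte" with cipher and mode matched independently, and checks whether the result is a combination anyone registered.

```python
"""
Suite negotiation versus a la carte negotiation of cipher and mode.
Added example: all names, tables and offers below are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Constructed registry: the only (cipher, mode) pairs reviewed and tested
# together.  Identifiers are modelled on SSH-style names, but the table
# itself is an assumption for this example.
REGISTERED_SUITES: Dict[str, Tuple[str, str]] = {
    "aes128-ctr": ("aes128", "ctr"),
    "aes256-ctr": ("aes256", "ctr"),
    "aes128-gcm": ("aes128", "gcm"),
    "chacha20-poly1305": ("chacha20", "poly1305"),
}


def negotiate_suite(client_offer: List[str], server_prefs: List[str]) -> Optional[str]:
    """One identifier per registered pair.

    The server walks its own preference list and takes the first suite the
    client also offered.  Identifiers absent from the registry are skipped,
    so the result is always a combination that was reviewed as a pair.
    """
    offered = set(client_offer)
    for name in server_prefs:
        if name in offered and name in REGISTERED_SUITES:
            return name
    return None


def negotiate_a_la_carte(client_ciphers: List[str], client_modes: List[str],
                         server_ciphers: List[str], server_modes: List[str]
                         ) -> Optional[Tuple[str, str]]:
    """Cipher and mode negotiated independently.

    Each list is intersected on its own (server preference first), so the
    chosen pair is whatever the two separate choices happen to produce.
    Nothing here checks that the pair was ever reviewed together.
    """
    cipher = next((c for c in server_ciphers if c in client_ciphers), None)
    mode = next((m for m in server_modes if m in client_modes), None)
    if cipher is None or mode is None:
        return None
    return (cipher, mode)


def is_registered(pair: Tuple[str, str]) -> bool:
    """True if the (cipher, mode) pair appears in the registry."""
    return pair in REGISTERED_SUITES.values()


def demonstrate() -> dict:
    """Run both styles on constructed offers and report what each selected."""
    # Suite style: both sides speak in registered pair names.
    # "aes128-cbc" is offered by both but is not in the registry.
    client_suites = ["chacha20-poly1305", "aes128-ctr", "aes128-cbc"]
    server_suites = ["aes128-gcm", "aes128-cbc", "aes128-ctr", "chacha20-poly1305"]
    suite = negotiate_suite(client_suites, server_suites)

    # A la carte style: the same algorithms, but cipher and mode lists are
    # sent and matched separately.
    client_ciphers = ["chacha20", "aes128"]
    client_modes = ["ctr", "poly1305"]
    server_ciphers = ["aes128", "chacha20"]
    server_modes = ["poly1305", "ctr"]
    pair = negotiate_a_la_carte(client_ciphers, client_modes,
                                server_ciphers, server_modes)

    return {
        "suite": suite,
        "suite_registered": suite is not None and is_registered(REGISTERED_SUITES[suite]),
        "a_la_carte": pair,
        "a_la_carte_registered": pair is not None and is_registered(pair),
    }


if __name__ == "__main__":
    print(demonstrate())
```

With these offers the suite negotiation lands on aes128-ctr, skipping the unregistered aes128-cbc even though both sides listed it, while the a la carte negotiation selects (aes128, poly1305), a pairing that appears in neither side's registry and that no one reviewed as a unit. That is the practical difference behind the point the two correspondents agree on; the draft text quoted above nonetheless allows either approach, which is the question ianG is raising.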