Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 27 July 2015 21:41 UTC

Message-ID: <55B6A577.1080509@cs.tcd.ie>
Date: Mon, 27 Jul 2015 22:41:11 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: Nico Williams <nico@cryptonector.com>
References: <55A938F1.9090404@cs.tcd.ie> <CD936D80-BEA2-4918-828C-E3A392761EC5@gmail.com> <20150727194020.GD15860@localhost> <55B68C8A.3080006@cs.tcd.ie> <20150727203136.GL4347@mournblade.imrryr.org> <55B69908.2030803@cs.tcd.ie> <20150727210616.GC29423@localhost> <55B69F99.6030009@cs.tcd.ie> <20150727212905.GD29423@localhost>
In-Reply-To: <20150727212905.GD29423@localhost>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/5wsnCwNgGVSPqDPDgEVUzMDdnM4>
Cc: saag@ietf.org
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
Precedence: list


On 27/07/15 22:29, Nico Williams wrote:
> On Mon, Jul 27, 2015 at 10:16:09PM +0100, Stephen Farrell wrote:
>> On 27/07/15 22:06, Nico Williams wrote:
>>> There is no great difference for _one_ connection.  There is a great
>>> difference for _many_ connections.  I.e., even weak crypto makes
>>> pervasive eavesdropping significantly more expensive.
>>
>> Well, I think there's still room for validly reaching different
>> conclusions about something like rc4 when we consider the various
>> parameters. (None of which we can really measure.)
> 
> Really?  The workfactor to cryptanalyze one RC4 session is so close to
> 2^0 that it wouldn't make a difference even to a pervasive monitor?

My concern is that workfactor will be small enough in a few
years that mail traffic encrypted today will be essentially
treatable as cleartext by the most capable adversaries. While
the rc4 encryption will add some cost, I'm concerned that'll
be too small (again, in a few years).

>> Of course I fully agree with the OS approach, but I think we ought
>> recognise this wrinkle - there are going to be cases where it's
>> quite hard to do the evaluation of how to apply the OS design
>> pattern. 1DES is easy everywhere now, but rc4 for email is not
>> yet easy.
> 
> The principle is simple and stated earlier.  Again: don't enable a
> Logjam attack, and otherwise allow any weak crypto that doesn't cause a
> real-time downgrade attack on clients that could do better.  I.e., it's
> all about the handkshake's security, not the application record security
> (again, because the application would happily use cleartext).
> 
> (One counter-argument might be that it's difficult to analyze what
> configurations lead to Logjam attacks, therefore better be safe than
> sorry.)

I don't disagree with you that OS ought not enable logjam.

Cheers,
S.


> 
> Nico
>

[saag] AD review of draft-iab-crypto-alg-agility-… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Paul Hoffman
Re: [saag] AD review of draft-iab-crypto-alg-agil… Black, David
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Derek Atkins
Re: [saag] AD review of draft-iab-crypto-alg-agil… Watson Ladd
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… ianG
Re: [saag] AD review of draft-iab-crypto-alg-agil… Black, David
Re: [saag] AD review of draft-iab-crypto-alg-agil… Black, David
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… ianG
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Christian Huitema
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… David Misell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Yoav Nir
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Paterson, Kenny
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Paterson, Kenny
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Derek Atkins
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Watson Ladd
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Joel Sing
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Christian Huitema
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Watson Ladd
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Derek Atkins
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley