Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 27 July 2015 21:16 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/GnWkCxymaZAAwxNxO5cx1JTeY2g>


On 27/07/15 22:06, Nico Williams wrote:
> There is no great difference for _one_ connection.  There is a great
> difference for _many_ connections.  I.e., even weak crypto makes
> pervasive eavesdropping significantly more expensive.

Well, I think there's still room for validly reaching different
conclusions about something like rc4 when we consider the various
parameters. (None of which we can really measure.)

Of course I fully agree with the OS approach, but I think we ought
to recognise this wrinkle - there are going to be cases where it's
quite hard to do the evaluation of how to apply the OS design
pattern. 1DES is easy everywhere now, but rc4 for email is not
yet easy.

S.