Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Stephen Farrell <> Mon, 27 July 2015 19:54 UTC

Date: Mon, 27 Jul 2015 20:54:50 +0100
From: Stephen Farrell <>
To: Nico Williams <>, Kathleen Moriarty <>
References: <> <> <20150727194020.GD15860@localhost>
In-Reply-To: <20150727194020.GD15860@localhost>

On 27/07/15 20:40, Nico Williams wrote:
> The key thing is that weak crypto must not lead to real-time exploitable
> downgrade attacks.

I think this nicely captures a point where we can have a real
disagreement about OS.

I would prefer if we could agree that:

   OS use of weaker crypto must not allow feasible off-line
   deciphering of ciphertext, no matter the adversary within
   the likely duration for which the average plaintext is

According to the above, 1DES and export ciphers would be completely
out of the question. And rc4 is getting really really close.

And that's completely different to your quoted text above.


I'm not sure we'll reach rough consensus on either side of this
argument though so we may be reduced to silence on the hard part of
the question.
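The rule proposed in the message above, turned into a check one can run over an offered cipher list: a suite is acceptable for opportunistic use only if an adversary cannot expect to recover the key by offline search within the plaintext's useful lifetime. This is an added example, not code from the thread or from the draft under review. The OpenSSL-style suite names, the 112-bit floor, the attacker rate of 10^12 keys per second, the ten-year default plaintext lifetime and the sample list of suites are all assumptions of the example.

```python
"""Audit an offered cipher-suite list for feasible offline deciphering.

Added example, not part of the original thread.  Suite names follow
OpenSSL's naming; the attacker key-search rate and the plaintext
lifetime are assumptions supplied by the caller.
"""
import re
from dataclasses import dataclass

# Minimum effective symmetric key length accepted as resisting offline
# search.  112 bits is an assumption of this example, not a figure the
# thread settles.
MIN_OFFLINE_BITS = 112

# Stream ciphers whose weakness is keystream bias rather than key length;
# for these, key length alone overstates the strength.  RC4 is the case
# the thread names (RFC 7465 prohibits RC4 in TLS).
BIASED_STREAM_CIPHERS = {"RC4"}


@dataclass(frozen=True)
class Verdict:
    suite: str
    effective_bits: int
    status: str          # "ok", "marginal" or "reject"
    reason: str


def effective_key_bits(suite: str) -> int:
    """Effective symmetric key length an offline attacker has to search.

    Export suites are capped at 40 bits regardless of the algorithm, so
    they are recognised before the algorithm name is inspected.
    """
    s = suite.upper()
    if s.startswith("EXP-") or "EXPORT" in s:
        return 40
    if "NULL" in s:
        return 0
    if re.search(r"DES-CBC3|3DES", s):
        return 112       # three-key 3DES: 168-bit key, 112-bit effective
    if re.search(r"(^|-)DES-", s):
        return 56        # single DES
    m = re.search(r"(AES|CAMELLIA|ARIA)(\d{3})", s)
    if m:
        return int(m.group(2))
    if "CHACHA20" in s:
        return 256
    if "RC4" in s:
        return 128
    if "RC2" in s:
        return 40
    raise ValueError(f"unrecognised cipher suite: {suite}")


def exhaustive_search_seconds(bits: int, keys_per_second: float) -> float:
    """Expected time to find the key by brute force (half the keyspace)."""
    return (2 ** bits) / 2 / keys_per_second


def offline_feasible(bits: int, keys_per_second: float,
                     plaintext_lifetime_seconds: float) -> bool:
    """True if the key is expected to fall before the plaintext stops mattering."""
    return exhaustive_search_seconds(bits, keys_per_second) <= plaintext_lifetime_seconds


def evaluate(suite: str, keys_per_second: float,
             plaintext_lifetime_seconds: float) -> Verdict:
    bits = effective_key_bits(suite)
    if bits < MIN_OFFLINE_BITS or offline_feasible(
            bits, keys_per_second, plaintext_lifetime_seconds):
        return Verdict(suite, bits, "reject",
                       f"{bits}-bit effective key is searchable offline")
    if any(c in suite.upper() for c in BIASED_STREAM_CIPHERS):
        return Verdict(suite, bits, "marginal",
                       "keystream biases make key length a poor measure")
    return Verdict(suite, bits, "ok", "offline key search infeasible")


def audit(suites, keys_per_second=1e12,
          plaintext_lifetime_seconds=10 * 365 * 86400):
    """Evaluate every suite; defaults are this example's assumptions."""
    return [evaluate(s, keys_per_second, plaintext_lifetime_seconds)
            for s in suites]


def rejected(suites, **kw):
    return [v.suite for v in audit(suites, **kw) if v.status == "reject"]


# Constructed sample of an offered list, in OpenSSL names (not a real server's).
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "DES-CBC3-SHA",
    "RC4-SHA",
    "DES-CBC-SHA",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "NULL-SHA",
]

if __name__ == "__main__":
    for v in audit(SAMPLE_SUITES):
        print(f"{v.status:8} {v.effective_bits:4d}  {v.suite:32} {v.reason}")
```

With the default assumptions, single DES, the export suites and the NULL suite are rejected outright, RC4 survives the key-length test but is flagged marginal, and 3DES and the AEAD suites pass; lowering the attacker rate or the plaintext lifetime changes only where 56-bit DES lands, which is the point of making those two numbers explicit inputs rather than burying them in the verdict.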