Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Nico Williams <nico@cryptonector.com> Mon, 27 July 2015 22:09 UTC

Date: Mon, 27 Jul 2015 17:09:30 -0500
From: Nico Williams <nico@cryptonector.com>
To: "Salz, Rich" <rsalz@akamai.com>
Message-ID: <20150727220929.GE29423@localhost>
In-Reply-To: <9aceb3102c1341929bc4c47c7ef9766e@ustx2ex-dag1mb2.msg.corp.akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/g6mJMCN7nntnFvk0_DdOzy7WcEE>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06

On Mon, Jul 27, 2015 at 09:48:26PM +0000, Salz, Rich wrote:
> > My concern is that workfactor will be small enough in a few years that mail
> > traffic encrypted today will be essentially treatable as cleartext by the most
> > capable adversaries. While the rc4 encryption will add some cost, I'm
> > concerned that'll be too small (again, in a few years).
> 
> My timetable is shorter (two, not a few) but I agree.
> 
> The national-scale adversaries are already scooping up all traffic.

This is true, but remember that cryptanalyzing the identity function is
even easier...  The context here is OS -- don't lose that context.

Eventually between OS and DANE we should get to where we can just
require TLS for SMTP and eventually even authentication of servers.
Then indeed using stronger ciphers will matter more than in the context
of OS right now.

> I used to be highly skeptical of post-quantum crypto, but now I want
> something like whyte's PQ mixin stuff today.

Yes, sure, but one thing at a time.

Nico
--