Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Nico Williams <> Mon, 27 July 2015 21:06 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B05A51B33E2 for <>; Mon, 27 Jul 2015 14:06:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.366
X-Spam-Status: No, score=-2.366 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QyPnCgJ7Ledi for <>; Mon, 27 Jul 2015 14:06:20 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 25EE41B33DB for <>; Mon, 27 Jul 2015 14:06:20 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id BBE2A554089; Mon, 27 Jul 2015 14:06:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to;; bh=JlCq0PB56eUjqT A7Z3uZRlRO4XE=; b=RYb3bN1dsjZ1biZiXtCBCVUgMz1O7bZkD+/w2+qDvaaNlR FCBpEgoFAA7qBTcb3qz7sYg26blyyCB1jWbRSZ9L0SC9bsykVHQzAFrUyxACpZHY eIVoyBLzSdkXyhwPZ8RwemoVm2FhdqmFYYuRn/n2La9SiTDIekirobNsrVwmc=
Received: from localhost ( []) (Authenticated sender: by (Postfix) with ESMTPA id 9656655407F; Mon, 27 Jul 2015 14:06:18 -0700 (PDT)
Date: Mon, 27 Jul 2015 16:06:17 -0500
From: Nico Williams <>
To: Stephen Farrell <>
Message-ID: <20150727210616.GC29423@localhost>
References: <> <> <20150727194020.GD15860@localhost> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 27 Jul 2015 21:06:21 -0000

On Mon, Jul 27, 2015 at 09:48:08PM +0100, Stephen Farrell wrote:
> Put another way, if we all agreed that rc4 can likely be routinely
> deciphered in N years and if we further agreed that there are a lot
> of plaintexts that will still be sensitive in N years, then there is
> no great difference today between sending cleartext and rc4
> ciphertext, when we consider highly capable adversaries who record
> ciphertext, and we know those exist even if we do not know quite
> how much ciphertext they record, for how long.

There is no great difference for _one_ connection.  There is a great
difference for _many_ connections.  I.e., even weak crypto makes
pervasive eavesdropping significantly more expensive.

That's not nothing.

I don't mind dropping weak crypto that [Viktor says] is insignificant
for SMTP _now_.  But the principle as stated earlier matters as a
principle.  Losing track of that principle may hurt us the next time
we want to deprecate a then-weak algorithm.