Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Watson Ladd <watsonbladd@gmail.com> Mon, 20 July 2015 03:41 UTC

From: Watson Ladd <watsonbladd@gmail.com>
To: Derek Atkins <derek@ihtfp.com>
Cc: "saag@ietf.org" <saag@ietf.org>
Date: Sun, 19 Jul 2015 20:41:13 -0700
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
In-Reply-To: <sjmvbdf4tpr.fsf@securerf.ihtfp.org>
Message-ID: <CACsn0ckv4YjDCBvTtnvxjjuz0y7EE+Z-6jCdq5YYrY5kxVTN6A@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/mKO2O12wP9RdKJ4vZJXAzX0QlO0>

On Sun, Jul 19, 2015 at 4:24 PM, Derek Atkins <derek@ihtfp.com> wrote:
> Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> writes:
>
>>> 2.9: I'm not really a fan of blessing weaker algs for OS, but I lost
>>> that argument before. I wonder if we would get consensus if this
>>> said that weak algs are better than no encryption but still MUST be
>>> deprecated as soon as feasible?
>>
>> I don't think we've really debated this enough to get consensus.  I
>> don't think weaker algs fit into our agreed definitions for OS.  I
>> just recall your debate with Pete on another draft, but think a wider
>> debate is needed to see what the consensus is.  I don't think weaker
>> algorithms should fit into the definition.
>
> What seems like a good algorithm today may become a weaker algorithm
> tomorrow.  Similarly, a new, better algorithm may appear next week.  So
> while I think we can all agree that no, we shouldn't use 1DES today, we
> don't know if next week someone will find an attack against AES-128 or
> ECC-P256.  What I'm saying is that qualifying "strong" and "weak" is,
> unfortunately, a more subjective (vs objective) process.

If this was possible, it would happen. But it really hasn't: if a
symmetric cipher is not analyzed within a year or two of coming out,
it never will be. The real problem is that people don't bother to
properly look up these analyses and see that RC4 is weak, or that DES
has insufficient size, or that Dobbertin has found free start
collisions in MD5. And when questions arise about the safety of these
primitives, we don't have a push to disable them, leaving it to
administrator action starting at the last minute. Every single attack
found recently against TLS depends on long-standing concerns that got
pushed to the side in the WG process.

Of course, the people deciding that algorithm XYZ sounds "better" than
VWQ don't actually know the relevant field, and the more we push that
decision towards end users and away from people who do know, the worse
this situation gets.

Sincerely,
Watson Ladd

>
>> Best regards,
>> Kathleen
>
> -derek
> --
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.