IETF Logo Mail Archive

[lamps] How to deal with Triple-DES in CMP Algorithms

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 23 October 2020 16:12 UTC

Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12EA03A102F for <spasm@ietfa.amsl.com>; Fri, 23 Oct 2020 09:12:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WpJ8o0VBxFmt for <spasm@ietfa.amsl.com>; Fri, 23 Oct 2020 09:12:17 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80057.outbound.protection.outlook.com [40.107.8.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F4543A1002 for <spasm@ietf.org>; Fri, 23 Oct 2020 09:12:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lRh2YAA1V88xlkvTrJQOTUUjyZrpiNaI4CNX2pr9x8FzsNvlfvtspz8dDmgLSbI8zWWUMDIEYJR9yfGELePyLROiQw5rCZpMlCqEQmrPiQspLBXF3ov8zyg67qvWgHeSK6IJK7/Ey9nQzq410nu9z+AeR1fSL743UGjqBiZepTVj5WVg2VgUXTEGCdYGk5oOeYfSWcHtBXLuSao1tPwSGvAGQ/R+Ch6URRGG+vhBvomAujiWMhqdaD0ki3ftJBhdlr1j0uYHIPJIWq2WwNnq8pjF5SmYKIwZXLM/lXhBL/K9SK4Cs47YyBZtpS8Kyg6vPu8XyFA54qO1z9+dIoSTpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yKeKhlRAaBO97xuGij2MPKoMzAMPyZGY5203LDB149s=; b=fPaul4iaW0AbNyYQa7Bj/mv9pRDV9nQyNCLGRcfEOrZ3tIrES1nOFKGhPO90jMvejBxrKnUu+zQKUNiOPEE4J3GzmAgPibYuko6VwTh1bcxFWSoNgtDCkGweyAqWHrqAcyqo9fuJT+4ZIqVA1K30FUjWMwbYn3thS3bj4Q85PFVOW4RF934fuHdP+bM3LxpLzoc7KzVSLOeF9VbgoSwGoJ97MTaigrpSMIC279YzT3/QQ2c8QND/XJBeESoiuXxlw1/xeSGpHnHhrqVlaxuAcXG8Pc59il0r07XQ0OZ4+kWqNJvwPByzKVAlpFmnquBw6Up0Ca6XQRvuuSQOV9ECGQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yKeKhlRAaBO97xuGij2MPKoMzAMPyZGY5203LDB149s=; b=h9DjY9HKEhWlk8RL6TGxXFNd5Soof6G93Fc6cJu/xSmceiFPbrtl+PychpIndONg/3YRJtfhppbF5c16CZ098mMlU2uLDR2EVZZDaYxM3n7hQqYD2trpF3rZcqUCcKKagz30/bMu8jVEmpc/BXgAenMLopSh4Dq0wMEzXkSxyJ0=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM0PR10MB1860.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:47::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.25; Fri, 23 Oct 2020 16:12:13 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::48d8:f723:944:efe6]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::48d8:f723:944:efe6%6]) with mapi id 15.20.3477.027; Fri, 23 Oct 2020 16:12:13 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: How to deal with Triple-DES in CMP Algorithms
Thread-Index: AdapViCSMWwWKJULS/2/jU6xZnWaUw==
Date: Fri, 23 Oct 2020 16:12:13 +0000
Message-ID: <AM0PR10MB2418DD5F5C458CA90F588BA7FE1A0@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2020-10-23T16:12:12Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=573d050f-0720-43cc-9f39-a41614716c89; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=siemens.com;
x-originating-ip: [165.225.200.185]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 098a6bdd-ae6a-4f7b-d551-08d8776e677d
x-ms-traffictypediagnostic: AM0PR10MB1860:
x-microsoft-antispam-prvs: <AM0PR10MB186052912BD8DD62AE5832C5FE1A0@AM0PR10MB1860.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3ESDJKDKuelHA0Zlic0qgIOuckkd5rDDMewyhF93c6HtQJLPFSInLsJTMUiGpW2Kj9syWJE3MUT25sAAPFQMuGF1CgmNWyBqIFSuEPT81I22uapbexGHmpvNURWK/zN3RgatAOwJMKNBhgPPIJA3xg7koQmeNmrDVOve0Fm0mxWKoDLnPG3rkQpjhntXUnYDw7OuPSxK4tqsNnxinTCQhsppdXsF2UlBNkqVhfwEgPSR+7b0UL/isTRm/ts4Qvc9504M+Ucw8oEGiP3WhX4+zb16AsDQc8wsQVoo93h56u9IxYz2F8kSTXMKDxHnx8kO2/3SOOmwOfVl00vFKQbTL+UDijkMMOTTDuFvjbtXf0kNIkkKoBAsJKKU5p1TRpW4kwWsOn4NnPpTI0j2vX046A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(136003)(396003)(39860400002)(346002)(86362001)(66476007)(8936002)(5660300002)(71200400001)(66946007)(55236004)(8676002)(66556008)(33656002)(15974865002)(76116006)(26005)(9686003)(6916009)(4744005)(7696005)(66446008)(316002)(186003)(64756008)(6506007)(478600001)(2906002)(55016002)(52536014); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: PLOqrOPOqJu7CnKVFANO9dKgCjkBEyiAYp8k+CpFzergl2UQqol4TQEyO7JE0maF261R7DKJz1hMaUSJUsG8yDBFDV5S82FDKgv9E07smnGZm+RGd8b+hSTUsY4I8eGGr4mvjRH2uIoYns+qVOIT4906UaS3r4h3EVirFmtRSHajCpJiSPbuFrMV88J+ZQ4Nq5X0SSZLGu7MQSWAdEOA113npCi8zF1KlhRBAKq83VTetj28Waply7PoD+ee41phU9Btw+CzuwCbX4bRrssLduYQEACtwaCSk/ePBM8oOx03CwEZ6lX30mPuzCMq6g8I5bd1isT4RXgmY6NByAvVmtfeoRYpUli4GavkqnNH5fN73C6xjSnMV4xjuhLNTPzwnm4KkIkwNLUih1HoL33F+aESBB2jsEYT1P9sUaV12QryRTEGnCPeX3FRT/f+zokMp+yNSVFyBCF/mQrklefbHgQipt99IjRf5OSH7M2tdmXZnukhjojCREnW2b4Ab51LmZNj5PqOdzgGY/2dKZAXbztLkDpCZ9p/ui9+hgRFcnRpYiqMSEI+dpcjsou3zxBQJMtgdVMo1oDA/d40+XsI3i70BESllkPSXYDiFc3l/rqVBh6o0MapjZ5lzVsG/YNJy7jxGibxHiYLshR13Y0nZA==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 098a6bdd-ae6a-4f7b-d551-08d8776e677d
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Oct 2020 16:12:13.8553 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: obM6irQgbpzxGLXCzawkFdYm8106qW44hrjFkxibO83b62mBOW38Jqgd9suI57yHWgwi/EeF2yYmbAGzwCbbJXwQSOQjTAjb14qZajUbK0w=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB1860
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/0SdL3LjzLSk_3B5RvdLvQwTNtmc>
Subject: [lamps] How to deal with Triple-DES in CMP Algorithms
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 16:12:25 -0000

In CMP (RFC 4210) Triple-DES CBC is used for encrypted key transport.
In CMS Algorithms (RFC 3370) Triple-DES key wrap and CBC is specified.
In RFC 8429 Triple-DES is deprecated for use in Kerberos.
I see Triple-DES still in use for S/MIME and elsewhere.

Currently I am writing the I-D on CMP Algorithms.
Should I specify Triple-DES as an alternative to AES or should I drop it?

Hendrik


Hendrik Brockhaus
Siemens AG
mailto:hendrik.brockhaus@siemens.com

www.siemens.com

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Klaus Helmrich, Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

v2.23.0 | Report a Bug | By Email