Re: [Tcpcrypt] Initial questions
ianG <iang@iang.org> Thu, 19 June 2014 18:23 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/aA9Mjss5ktRgi1CLFPDIAqS4_kA

On 19/06/2014 18:55 pm, Joe Touch wrote:
> On 6/19/2014 3:46 AM, ianG wrote:
>> On 18/06/2014 22:36 pm, Joe Touch wrote:
>>> Comments on your other points:
>>>
>>> As to the specific algorithms and how many, we probably all agree that a
>>> small number of required algorithms is preferable. I think 2 is a good
>>> upper bound on the MUST algorithms, though.
>>
>> Actually, no. I for one disagree. There should be one true cipher
>> suite [0].
>
> If you have only one, then if (or when) you urgently decide it's
> vulnerable and want an alternate you need to wait for deployment of an
> update (e.g., as happened to TCP MD5

MD5 isn't a good example. It has been effectively deprecated by SHA1 (and SHA0 ;) as of around 1996. MD5 was collision-cracked around 2004, as reported at Crypto 2004 in Santa Barbara.

When did TCP have this 'urgent decision'? If it happened several years after 1996, then what you have is a forewarning that was ignored. If it was after 2004, well, no amount of warning will do, and algorithmic agility is a crutch that should be stripped away in order to focus attention.

> ). That will undermine the utility
> of a solution.
>
> That's why TCP-AO included two 'must implement' algorithms from the
> start, and why it's important to do so here as well.

I'd like to see some historical evidence of when this actually made a difference?

Yes, we understand the idea. But we now have 20 years of experience in Internet protocols. We have data. What does the data say about algorithmic agility, in the field?

The closest I've seen is the backoff in TLS back to RC4. But even that only gets half marks because RC4 itself should have been deprecated ages ago.

iang