Re: [TLS] [Cfrg] 3DES diediedie

Peter Gutmann <> Tue, 30 August 2016 09:41 UTC

From: Peter Gutmann <>
To: "David McGrew (mcgrew)" <>, Tony Arcieri <>, "<>" <>, "" <>

David McGrew (mcgrew) <> writes:

>See for instance slides 8 and 9 of Daniel Shumow's talk at NIST’s LWC
>workshop last year:

So looking at slide 6 from that, the first four systems he lists are desktop
PCs (in all but form factor), it's only the last two that are down at the
resource levels of IoT.  I'm not sure why he picked the Arduinos there because
I wouldn't really consider them terribly representative of IoT devices, was it
to get something that people are familiar with?  Even if you're wanting to
restrict yourself to well-known complete systems I think at least an ESP8266
(80MHz SoC with 96K RAM, 64K flash, no multiply or divide by default) should
get a mention.

Slide 9 is even further removed from IoT practicality, that stuff may be fine
on the PC-equivalents but won't work on real IoT gear.

I'm currently working with some embedded systems guys to come up with a list
of requirements for IoT crypto (as with the TLS-LTS stuff, various IP/legal
issues mean many contributors don't want to say anything in public), I'll
post it to the list when we've finished arguing :-).