Re: [TLS] [Cfrg] 3DES diediedie

John Mattsson <> Thu, 25 August 2016 09:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4658612D50B for <>; Thu, 25 Aug 2016 02:54:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IBD_HWP3gIdi for <>; Thu, 25 Aug 2016 02:54:29 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0C99012D1BD for <>; Thu, 25 Aug 2016 02:54:27 -0700 (PDT)
X-AuditID: c1b4fb2d-903ff700000019a3-71-57bec04fbe3f
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id 87.B3.06563.F40CEB75; Thu, 25 Aug 2016 11:54:26 +0200 (CEST)
Received: from ([]) by ([]) with mapi id 14.03.0301.000; Thu, 25 Aug 2016 11:54:23 +0200
From: John Mattsson <>
To: Peter Gutmann <>, Tony Arcieri <>, "<>" <>, "" <>
Thread-Topic: [Cfrg] [TLS] 3DES diediedie
Thread-Index: AQHR/raoCiRg5YveN02k55l7inXbrw==
Date: Thu, 25 Aug 2016 09:54:22 +0000
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphkeLIzCtJLcpLzFFi42KZGbFdUTfowL5wg7kbZS0uPW5hsuj+cZDJ 4uW756wWn853MTqweFxsPMDksXPWXXaPJUt+MnlM3niYLYAlissmJTUnsyy1SN8ugSujbe8D xoJPfBX77u5ibWA8wNfFyMkhIWAicejxWsYuRi4OIYH1jBLHPx5hA0kICSxhlHh8UBXEZhMw kJi7p4ENpEhEYCqjxK0lB1lBEsICGhJLr25lBLFFBDQl+r49Y4Gw9SSWnZgOZrMIqEpcXP2N qYuRg4NXwFziZ2coSJhRQEzi+6k1TCA2s4C4xK0n85kgDhKQWLLnPDOELSrx8vE/sFWiQCOf nVzMCBFXklh7eDsLyEhmoLXrd+lDmNYSZ3bLQkxUlJjS/ZAdxOYVEJQ4OfMJywRGkVlIls1C aJ6F0DwLSfMsJM0LGFlXMYoWpxYX56YbGeulFmUmFxfn5+nlpZZsYgTG0cEtv3V3MK5+7XiI UYCDUYmHd8GDveFCrIllxZW5hxglOJiVRHjv7tsXLsSbklhZlVqUH19UmpNafIhRmoNFSZzX /6ViuJBAemJJanZqakFqEUyWiYNTqoGx1ECP/UXTsgNvpr16oXuxyPbW0r/iBUa9XNF39Hzu zjLn1Yzsnvbs8q5jraKb33oZ9JVNMzITPRDuPu/Qny/Hpm1apPtALEjnx6E9AS63r2vXWn1g kgqctHdSQXby+T95jKYfP+sERjn5JhbV9hl43+mIY+oLvBD1u/qweYoce3fLlZff2l4rsRRn JBpqMRcVJwIA5T45sZ8CAAA=
Archived-At: <>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 Aug 2016 09:54:32 -0000

I think the recently published attack has more to do with bad
implementations/specification than a newly discovered weakness in 3DES.
That you should never encrypt anything near 2^32 blocks is well known (but
I don’t know how well this is explained in NIST or IETF specifications, if
at all).

I am very supportive of everything speeding up the deprecation of weak
algorithms and protocols, but  then I think CFRG should make a broader
approach and look at more candidates for general deprecation like SHA-1
signatures, 1024-bit MODP, and 1024-bit RSA… I think all of these are far
weaker than 3-key 3DES.

Making sure that IETF provides good implementation guidelines and
requirements for all ciphers might be as important.


On 25/08/16 05:28, "Cfrg on behalf of Peter Gutmann"
< on behalf of> wrote:

>Tony Arcieri <> writes:
>>Should there be a 3DES "diediedie"?
>Only if there's an actualy issue.  3DES is still very widely supported
>(particularly in financial systems and embedded), and provides a useful
>backup to AES.  An attack that recovers cookie if you can record 785GB
>of traffic isn't anything I'm losing any sleep over.
>Cfrg mailing list