Re: [TLS] [Cfrg] 3DES diediedie

John Mattsson <john.mattsson@ericsson.com> Thu, 25 August 2016 09:54 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4658612D50B for <tls@ietfa.amsl.com>; Thu, 25 Aug 2016 02:54:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IBD_HWP3gIdi for <tls@ietfa.amsl.com>; Thu, 25 Aug 2016 02:54:29 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C99012D1BD for <tls@ietf.org>; Thu, 25 Aug 2016 02:54:27 -0700 (PDT)
X-AuditID: c1b4fb2d-903ff700000019a3-71-57bec04fbe3f
Received: from ESESSHC005.ericsson.se (Unknown_Domain [153.88.183.33]) by (Symantec Mail Security) with SMTP id 87.B3.06563.F40CEB75; Thu, 25 Aug 2016 11:54:26 +0200 (CEST)
Received: from ESESSMB307.ericsson.se ([169.254.7.215]) by ESESSHC005.ericsson.se ([153.88.183.33]) with mapi id 14.03.0301.000; Thu, 25 Aug 2016 11:54:23 +0200
From: John Mattsson <john.mattsson@ericsson.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Tony Arcieri <bascule@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] [TLS] 3DES diediedie
Thread-Index: AQHR/raoCiRg5YveN02k55l7inXbrw==
Date: Thu, 25 Aug 2016 09:54:22 +0000
Message-ID: <D3E489EA.4EC34%john.mattsson@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.6.160626
x-originating-ip: [153.88.183.149]
Content-Type: text/plain; charset="utf-8"
Content-ID: <20599B78BF824247A503E60AB1AD6753@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphkeLIzCtJLcpLzFFi42KZGbFdUTfowL5wg7kbZS0uPW5hsuj+cZDJ 4uW756wWn853MTqweFxsPMDksXPWXXaPJUt+MnlM3niYLYAlissmJTUnsyy1SN8ugSujbe8D xoJPfBX77u5ibWA8wNfFyMkhIWAicejxWsYuRi4OIYH1jBLHPx5hA0kICSxhlHh8UBXEZhMw kJi7p4ENpEhEYCqjxK0lB1lBEsICGhJLr25lBLFFBDQl+r49Y4Gw9SSWnZgOZrMIqEpcXP2N qYuRg4NXwFziZ2coSJhRQEzi+6k1TCA2s4C4xK0n85kgDhKQWLLnPDOELSrx8vE/sFWiQCOf nVzMCBFXklh7eDsLyEhmoLXrd+lDmNYSZ3bLQkxUlJjS/ZAdxOYVEJQ4OfMJywRGkVlIls1C aJ6F0DwLSfMsJM0LGFlXMYoWpxYX56YbGeulFmUmFxfn5+nlpZZsYgTG0cEtv3V3MK5+7XiI UYCDUYmHd8GDveFCrIllxZW5hxglOJiVRHjv7tsXLsSbklhZlVqUH19UmpNafIhRmoNFSZzX /6ViuJBAemJJanZqakFqEUyWiYNTqoGx1ECP/UXTsgNvpr16oXuxyPbW0r/iBUa9XNF39Hzu zjLn1Yzsnvbs8q5jraKb33oZ9JVNMzITPRDuPu/Qny/Hpm1apPtALEjnx6E9AS63r2vXWn1g kgqctHdSQXby+T95jKYfP+sERjn5JhbV9hl43+mIY+oLvBD1u/qweYoce3fLlZff2l4rsRRn JBpqMRcVJwIA5T45sZ8CAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9bnYhLuXNe25gyhnn8cCSyDUOSc>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2016 09:54:32 -0000

I think the recently published attack has more to do with bad
implementations/specification than a newly discovered weakness in 3DES.
That you should never encrypt anything near 2^32 blocks is well known (but
I don’t know how well this is explained in NIST or IETF specifications, if
at all).

I am very supportive of everything speeding up the deprecation of weak
algorithms and protocols, but  then I think CFRG should make a broader
approach and look at more candidates for general deprecation like SHA-1
signatures, 1024-bit MODP, and 1024-bit RSA… I think all of these are far
weaker than 3-key 3DES.

Making sure that IETF provides good implementation guidelines and
requirements for all ciphers might be as important.

/John


On 25/08/16 05:28, "Cfrg on behalf of Peter Gutmann"
<cfrg-bounces@irtf.org on behalf of pgut001@cs.auckland.ac.nz> wrote:

>Tony Arcieri <bascule@gmail.com> writes:
>
>>Should there be a 3DES "diediedie"?
>
>Only if there's an actualy issue.  3DES is still very widely supported
>(particularly in financial systems and embedded), and provides a useful
>backup to AES.  An attack that recovers cookie if you can record 785GB
>of traffic isn't anything I'm losing any sleep over.
>
>Peter.
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.org
>https://www.irtf.org/mailman/listinfo/cfrg