Re: [TLS] [Cfrg] 3DES diediedie

Kyle Rose <krose@krose.org> Thu, 01 September 2016 18:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BPeT0acrRevRxI06Btj5qIgJm3c>

On Mon, Aug 29, 2016 at 5:00 AM, Hubert Kario <hkario@redhat.com> wrote:

> we have enough problems weeding out implementation mistakes in TLS, we don't
> need yet another protocol and two dozen implementations that come with it

Strongly agreed.

Focusing energy on getting "something" working for low-power devices is
putting the cart before the horse. Security has to be a primary objective
here, in the standards world in general and in CFRG in particular. We can
surely consider tradeoffs---more frequent key rotations, security
guarantees reduced in a well-defined way, shorter lifetimes for
credentials, etc.---but these should be explicitly chosen, not determined
after the fact based on what happened to be in our toolbox at the time.
Keeping 3DES around in a general-purpose protocol headed for
standardization in spite of the known problems with small block sizes is
almost certain to create more work in the coming years for everyone simply
to benefit implementors of systems for which security is clearly not the
primary concern.

From following the discussion, low power crypto seems like a research area
at this point, not an implementation effort. (Of course, the flaws in
whatever ill-advised schemes get implemented will generate their own
research efforts and inevitable transitive trust problems with supposedly
more-secure systems. Alas, we haven't yet figured out a way to keep people
from generating sufficient rope to hang themselves with.)

Kyle