Re: [TLS] [Cfrg] 3DES diediedie
Kyle Rose <krose@krose.org> Thu, 01 September 2016 18:51 UTC
To: Hubert Kario <hkario@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BPeT0acrRevRxI06Btj5qIgJm3c>
Cc: "David McGrew (mcgrew)" <mcgrew@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>

On Mon, Aug 29, 2016 at 5:00 AM, Hubert Kario <hkario@redhat.com> wrote:

> we have enough problems weeding out implementation mistakes in TLS, we don't
> need yet another protocol and two dozen implementations that come with it

Strongly agreed. Focusing energy on getting "something" working for low-power devices is putting the cart before the horse. Security has to be a primary objective here, in the standards world in general and in CFRG in particular. We can surely consider tradeoffs---more frequent key rotations, security guarantees reduced in a well-defined way, shorter lifetimes for credentials, etc.---but these should be explicitly chosen, not determined after the fact based on what happened to be in our toolbox at the time.

Keeping 3DES around in a general-purpose protocol headed for standardization in spite of the known problems with small block sizes is almost certain to create more work in the coming years for everyone simply to benefit implementors of systems for which security is clearly not the primary concern.

From following the discussion, low power crypto seems like a research area at this point, not an implementation effort. (Of course, the flaws in whatever ill-advised schemes get implemented will generate their own research efforts and inevitable transitive trust problems with supposedly more-secure systems. Alas, we haven't yet figured out a way to keep people from generating sufficient rope to hang themselves with.)

Kyle