Re: [TLS] [Cfrg] 3DES diediedie

Ira McDonald <blueroofmusic@gmail.com> Thu, 25 August 2016 13:55 UTC

Return-Path: <blueroofmusic@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2509512D09B for <tls@ietfa.amsl.com>; Thu, 25 Aug 2016 06:55:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.628
X-Spam-Level:
X-Spam-Status: No, score=-0.628 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URI_NO_WWW_INFO_CGI=2.071] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yuwMFY7FwtXy for <tls@ietfa.amsl.com>; Thu, 25 Aug 2016 06:55:31 -0700 (PDT)
Received: from mail-it0-x231.google.com (mail-it0-x231.google.com [IPv6:2607:f8b0:4001:c0b::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5558E12B03C for <tls@ietf.org>; Thu, 25 Aug 2016 06:55:31 -0700 (PDT)
Received: by mail-it0-x231.google.com with SMTP id e63so33142285ith.1 for <tls@ietf.org>; Thu, 25 Aug 2016 06:55:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gaCB2wQFq10USHfXhqoBjNSw1smvh8hH04eANyvyGU4=; b=fP0vBwitUL4vdJfbtjERP7lJ99Ohc55Q3g/+DusagjtZaLDycKpRXdpBT0SfE6X0Mq SnpYvhJDS9l+B4oHjJjWBzcaaXHVgkIp2d1/FHaiU2JfjvGDvPKIvtIW4kQdnyCRGONb fwCo48cOwjfbL3b5QtyHMRELOMCY0vEzNhxvPibeC9igXRqQZHv/VRNGV+WT1Hy8iCZ5 jHLdRupQYVD/9Tog9s0iA6bZTyEwr7qHAysGTpAgPttDz5SFVpLtEFihXe3CHViBROyx Mmmd1TWTcA0yueuOWiVgOqlnp2TC8MtIJnUs/PzYYn9Wl9IKA7shCqCL0ngIyXjE8rJb xOsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gaCB2wQFq10USHfXhqoBjNSw1smvh8hH04eANyvyGU4=; b=cHKfxImXZSeETo7gQ5V0aFElNeiA0nmzEdIYDlqelO1hqKckuU/55aPV91lewUqf9a sDNxBspiVk5jQRUySuDXdAsesk3Gxccs8JEnE+g+xAQuJhb3rzvTNv/YLzl72G+DWJLi mSHksyqaERAr+WktDRzdCg3vAfl/4ublENpiDTSj4q2eHa14lRcvtJ3Zn09JRko62cVC NskStlxrSNAdVkSbdm+TNb6NksLgtINNH9l/eQxulNIDvyFC+mObHZHQkqPZNpFosaPv OMGokHvso34eZijQC7KX4IN3hymTmpk0zAigEtAIHM9uCnmH8YCcdd7FLDrr9krT4IeK Ykxg==
X-Gm-Message-State: AE9vXwMtT5R6BekXOO39SpWAknR4wVE1In60JtAl3t+0aRtGVbqmTTGHgUSo7U8a1tleykdvst4pUVJUbQKkLA==
X-Received: by 10.36.238.134 with SMTP id b128mr5204572iti.72.1472133330708; Thu, 25 Aug 2016 06:55:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.11.67 with HTTP; Thu, 25 Aug 2016 06:55:10 -0700 (PDT)
In-Reply-To: <CABcZeBOCUnVvHbMC09w=STZ2xfQXm9i77Aq++gavOq4Qp5b+4Q@mail.gmail.com>
References: <CAHOTMV+r5PVxqnSozYyqJqq_YocMKV06aAa-43t+5Huzh7Lo=A@mail.gmail.com> <CAHOTMVKBmDT-okm=ikECrotcEKS5fdn840-gV+5Tnx3eg4JBkQ@mail.gmail.com> <E201DE55-20AF-4581-B502-5112DBA535A5@dukhovni.org> <6377217.GbyXToEj0o@pintsize.usersys.redhat.com> <6933C5DD-9C84-44E0-88D4-6E3D3C9A2C78@gmail.com> <CABcZeBOCUnVvHbMC09w=STZ2xfQXm9i77Aq++gavOq4Qp5b+4Q@mail.gmail.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Thu, 25 Aug 2016 09:55:10 -0400
Message-ID: <CAN40gSu3bvYhEeQ+B8AvfDpyWFt_QA4M2-wgGBZkFAzAWPLOZA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>, Ira McDonald <blueroofmusic@gmail.com>
Content-Type: multipart/alternative; boundary=f403045c0e563d2fc7053ae5c069
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/D1TItrn9MjWnrTQavjV5vK-CW5k>
Cc: david wong <davidwong.crypto@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2016 13:55:33 -0000

Hi,

This survey of TLS in 1 million web servers shows that 93% support 3DES -
oof!

https://jve.linuxwall.info/blog/index.php?post/TLS_Survey

3DES hasn't quite disappeared on the Internet.

Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434


On Thu, Aug 25, 2016 at 9:33 AM, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Thu, Aug 25, 2016 at 6:21 AM, david wong <davidwong.crypto@gmail.com>
> wrote:
>
>> I don't think a RFC deprecating them is a good idea:
>>
>> * TLS 1.3 is almost here and is already doing that
>> * what browser still use 64-bit ciphers? Who lets his "old" browser open
>> for 75 hours?
>>
>
> Actually, I believe that all the major browsers support 3DES.
>
> -Ekr
>
> * in other uses of TLS. It's not always obvious if there is a possible
>> beast style attacks. And their implementation might really well not be
>> vulnerable (due to limiting number of messages according to specs)
>>
>> David
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
>>
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
>