Re: [TLS] [Cfrg] 3DES diediedie

Tony Arcieri <bascule@gmail.com> Wed, 07 September 2016 19:45 UTC

Return-Path: <bascule@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EF2F12B278 for <tls@ietfa.amsl.com>; Wed, 7 Sep 2016 12:45:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkGouylUBi7Y for <tls@ietfa.amsl.com>; Wed, 7 Sep 2016 12:45:36 -0700 (PDT)
Received: from mail-vk0-x22b.google.com (mail-vk0-x22b.google.com [IPv6:2607:f8b0:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 207D312B37F for <tls@ietf.org>; Wed, 7 Sep 2016 12:45:36 -0700 (PDT)
Received: by mail-vk0-x22b.google.com with SMTP id v189so22354405vkv.1 for <tls@ietf.org>; Wed, 07 Sep 2016 12:45:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=h9j+j6gA59M0mbGcEwbmtrJYqSGpzrdToQgC7XIUDYM=; b=vOTvdPZUwyVUwtDCK09TGy0TLWhD91joCLKhb+gqj8geY2KEvzkvjYerA/fR9n8+pY INYlszhL3/M30aEZIJmNe+dG+bhDrXHvl5BhYKCLDGbzG9yB/eKUeVeZEqcWtaYyMcob RQBdQdihnQbrJZ4xNYVeTXQzK1GIhnN0y0wsS7bS50pRVbz9t/puGuMd12xk3OjoEIrV ZO+C1DaLNNGPcFJtgV0MF/+XqhjLkjq+fzUOMl1hFZcZIljJUCq80OLuQf8dENqF8qUr NH77VacWJyvv10uz0z7zHYwtZeaL9Malqdhr7xvn76pG1PznHbgUX2cpCmYbrPXFRyhw +13A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=h9j+j6gA59M0mbGcEwbmtrJYqSGpzrdToQgC7XIUDYM=; b=Uuy/DUtkOJ+s/UvNCDpqV7C6eKiM1Bft7iHJjYM+8m82MKdU9A/PikgrgQyjPD18hk 6xXZCaoWGOhSfg1gL0Te6OAzE95dK+PofuBnYHkm0ePHzsdaKNOk4qJaeWmCgRVdHO1R A3eMkRIa2kIZnkd/8yROKHZUmkpTHnf/fZm115ZDHyXb6vRdGfZ4BO51J0r1iS9n/r1o mkZK5WehHQCWZI1NUlLn8CGdYnVf/X2WM4yHGoY8SHrSg22N5R20Luqi7FOO2ctlfAhY 4qRFLHIbIl7TGBbrSBu2ik2C66uatelFlacAtH2RJQfXgdbypq50QQFMj+axC2W7G6MI Cluw==
X-Gm-Message-State: AE9vXwMk9WJQfXi2KEMs9sDN6RBUH4lwpwaGZVLlYFAvOWxhDQwdSTjkGfM2qbil6nhGxGam97GuXBbG7FM1Pg==
X-Received: by 10.31.136.70 with SMTP id k67mr29978006vkd.13.1473277535268; Wed, 07 Sep 2016 12:45:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.79.90 with HTTP; Wed, 7 Sep 2016 12:45:14 -0700 (PDT)
In-Reply-To: <1473221674611.89839@cs.auckland.ac.nz>
References: <m2lgzcyhxi.fsf@bos-mpeve.kendall.corp.akamai.com> <201608311948.u7VJmChl018731@rumpleteazer.rhmr.com> <CABrd9STOCbBo=g22XySRnWofHwVZkrC-ripZY38yLRZV2kQh3A@mail.gmail.com> <sjminu8vk1t.fsf@securerf.ihtfp.org> <1473221674611.89839@cs.auckland.ac.nz>
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 7 Sep 2016 12:45:14 -0700
Message-ID: <CAHOTMVKJJAOz+a0d6jej2mYpM9LiBnt65XtYVVTH6dKzN_UCxA@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: multipart/alternative; boundary=001a11440bb62536de053bf028bc
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EYoBLZTro1JUiOIrk-lwciwq5zs>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2016 19:45:38 -0000

On Tue, Sep 6, 2016 at 9:15 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> When crypto hardware support is available, it's universally AES,
> occasionally
> SHA-1 and/or DES, and very rarely RSA and/or DH and/or ECDSA


EMV chip cards support RSA digital signatures. Granted earlier EMV cards
used ridiculously small key lengths (i.e. 320-bits), but they have been
gradually ratcheted up to e.g. 768 or 1024-bits.

These cards number in the billions (10s of billions?) and the chips are
priced in the penny range.

I don't think it's impractical to ship hardware accelerated asymmetric
crypto primitives on chips that meet the specifications you're describing.
The payments industry has definitely shown it's possible.

-- 
Tony Arcieri