[TLS] Re: RFCs on weakened crypto are not fixed by warnings
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 09 April 2026 12:12 UTC
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GFEPmNhbXcW-RRPKQkcw_qlhxgE>
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> writes:

>I am asking because to my knowledge, the formal (vs. cryptographic/
>computational) analyses consider that all ECC keys are leaked on the advent
>of CRQC and essentially model it as a switch to leak all ECC keys

All ECC keys are leaked *eventually*. Like, by the heat death of the universe. Virtually no-one ever gives any estimate of the time and effort involved in recovering a key via physics experiment because doing so makes things look kinda bad.

One of the few figures we have is from the German BSI which estimates 100 days and EUR 4M in electricity to recover a single 2048-bit key on an imagined physics experiment. So a single quantum physics experiment can recover just over three keys a year at a cost of over EUR 12M.

In 2017, 7 trillion keys were negotiated for web traffic alone (it's probably a lot higher now). So that leaves 6,999,999,999,997 keys unrecoverable, and that's ignoring the fact that the estimate was for the IFP, which is irrelevant, not the DLP, which is the one of interest for IPsec, TLS, SSH, WireGuard, etc.

Peter.