Re: [TLS] [Cfrg] 3DES diediedie

Joachim Strömbergson <joachim@secworks.se> Mon, 29 August 2016 12:56 UTC

Return-Path: <joachim@secworks.se>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23F4012D58A for <tls@ietfa.amsl.com>; Mon, 29 Aug 2016 05:56:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lkCyyudweIO0 for <tls@ietfa.amsl.com>; Mon, 29 Aug 2016 05:56:40 -0700 (PDT)
Received: from mail.frobbit.se (mail.frobbit.se [IPv6:2a02:80:3ffe::176]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A97F12D0FE for <tls@ietf.org>; Mon, 29 Aug 2016 05:56:40 -0700 (PDT)
Received: from Knubbis.local (unknown [80.252.219.34]) by mail.frobbit.se (Postfix) with ESMTPSA id DA4E421EEE; Mon, 29 Aug 2016 14:56:37 +0200 (CEST)
Message-ID: <57C43102.7090902@secworks.se>
Date: Mon, 29 Aug 2016 14:56:34 +0200
From: =?UTF-8?B?Sm9hY2hpbSBTdHLDtm1iZXJnc29u?= <joachim@secworks.se>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: "David McGrew (mcgrew)" <mcgrew@cisco.com>
References: <CAHOTMV+r5PVxqnSozYyqJqq_YocMKV06aAa-43t+5Huzh7Lo=A@mail.gmail.com> <F42128A0-9682-4042-8C7E-E3686743B314@cisco.com> <9A043F3CF02CD34C8E74AC1594475C73F4D0473F@uxcn10-5.UoA.auckland.ac.nz> <B749662D-B518-46E0-A51D-4AD1D30A8ED2@cisco.com> <9A043F3CF02CD34C8E74AC1594475C73F4D0528F@uxcn10-5.UoA.auckland.ac.nz> <3401C8F7-5A74-4D02-96F5-057E9A45F8B0@cisco.com>
In-Reply-To: <3401C8F7-5A74-4D02-96F5-057E9A45F8B0@cisco.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IQ2j2bbnPWwdp5r5tmMxKit-tHc>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2016 12:56:43 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

As a side note, there has been a bunch of lightweight block ciphers
suggested the last few years, most of them with a block size of 64 bits.
And there has been discussion on IETF maillists about IETF accepting
them. For example the SIMON and SPECK ciphers. These ciphers can have
block sizes as small as 32 bits.

https://www.cryptolux.org/images/a/a0/Beaulieu-DAC2015.pdf
https://eprint.iacr.org/2015/209.pdf

Yours
JoachimS



David McGrew (mcgrew) wrote:
> Hi Peter,
> 
> You make a bunch of good points.   But it is also worth noting that
> some people feel that current crypto standards, including IETF
> standards, are suitable for IoT.   See for instance slides 8 and 9 of
> Daniel Shumow's talk at NIST’s LWC workshop last year:
> http://csrc.nist.gov/groups/ST/lwc-workshop2015/presentations/session4-shumow.pdf
> Also, CoAP isn’t on his list, but it could be, and it uses DTLS.   So
> while I agree with you that overuse of a 64-bit block cipher is far
> from the biggest security concern for IoT, the IETF should expect its
> protocols to be used in some IoT scenarios.
> 
> The malleability of the term IoT is causing trouble here.   Slide 6
> of Daniel’s talk is quite revealing.  To my thinking, by definition
> IoT devices are connected to the Internet in some way.
> 
> David
> 
> 
> 
> On 8/28/16, 8:01 AM, "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
> wrote:
> 
>> David McGrew (mcgrew) <mcgrew@cisco.com> writes:
>> 
>>> I don’t think you understood my point. IoT is about small devices
>>> connecting to the Internet, and IETF standards should expect
>>> designed-for-IoT crypto to be increasingly in scope.  It is
>>> important to not forget about these devices, amidst the current
>>> attention being paid to misuses of 64-bit block ciphers, which
>>> was the ultimate cause of this mail thread.
>> But the IETF has a long history of creating standards that
>> completely ignore IoT.  I can't think of a single general-purpose
>> IETF security standard (TLS, SSH, IPsec, etc) that has any hope of
>> working with IoT devices (say a 40Mhz ARM-core ASIC with 32kB RAM
>> and 64kB flash).  This is why the ITU/IEC and a million
>> lesser-known standards bodies are all busy inventing their own 
>> exquisitely homebrew crypto protocols, most of which make WEP look
>> like a model of good design.
>> 
>> (I've always wanted to sit down and design a generic "encrypted
>> pipe from A to B using minimal resources" spec, and I'm sure many
>> other people have had the same thought at one time or another).
>> 
>> So it seems like you've got:
>> 
>> - The "TLS = the web" crowd (browser vendors and the like) who will
>> implement whatever's trendy at the moment and assume everyone has a
>> quad-core 2GHz CPU with gigabytes of RAM and access to weekly live
>> updates and hotfixes.
>> 
>> - Embedded/SCADA folks who need to deal with 10-15 year product
>> cycles (see my TLS-LTS draft for more on this) and are kind of
>> stuck.
>> 
>> - IoT people, who can't use any standard protocol and will get the
>> least unqualified person on staff to invent something that seems OK
>> to them.
>> 
>> I'm not sure that a draft on theoretical weaknesses in 64-bit block
>> ciphers is going to affect any of those...
>> 
>> Peter.
> _______________________________________________ TLS mailing list 
> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls


- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim@secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJXxDECAAoJEF3cfFQkIuyNY1UP/2lUJo53s27wlqvgPWpZYWzi
HViof7jYA7yvbZm9SeYkV88y4sOMUQrhSsAWUZ7GfwcjkjC8+sL8mD7uacPx0zpW
rAnLnAHJbnU8rkWRT2OKWiZBvwMpMNw/UYGy13dwilRExj22N4dsLK98vath3r52
FjAIL2GpCWUuzPB6P5d+B8MjEwEr1tEYzvlvWo032RB91irOOKveryGGe5ifnSKj
SP1a9CbakaLdTHMkrhOre0I4Ckr2A97eI3oo/5QjRJ81zKJ/4VZzOOe3lGjPkXhO
kzkANctte+Eb5ttlaXcg/dL7lStzaYo8rnm3PRHsBKpHr/oNEgbdJti1U78/MfLf
o0v+s4TbY7YBPXOU7zKWpo9VD1Mcq9eMAslIQokEE2CfIq3wBSEEgKwJXu6HVSht
Ohahc7HUBnz2+uXJ+x4hl/bW/qM3DFhTfhPCYQ11IiXpPlxhsAnxbszBe4XtHd7y
z2Uc+Jef8aUq7sEGYBdcnGs+SSNFQwtUIicKI3pU61xvtAhqRriNOsfmCVvC2V7Z
iz5EodInPjUBkVMwDbmiFd5lp782SqYZsivwabPGE1p2GG+o421KZmQJ3VRC3ctw
xjwk2HszIv7Wo+gomL0hqF7Wi0YIP556rRYrRMc9gLV513xzxD5T99eR+2HtiRJF
TvYYPXZjzP087liGF7SA
=Z0iM
-----END PGP SIGNATURE-----