[TLS] Re: Issue 56: AES as MTI

Simon Josefsson <simon@josefsson.org> Thu, 13 September 2007 08:36 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Mike <mike-list@pobox.com>
Date: Thu, 13 Sep 2007 10:35:55 +0200
In-Reply-To: <46E883B4.4000907@pobox.com> (Mike's message of "Wed, 12 Sep 2007 17:26:28 -0700")
Cc: tls@ietf.org

Mike <mike-list@pobox.com> writes:

>> The current algorithm is 3DES_EDE_CBC. I would imagine we would use
>> AES_128_CBC. It's a much easier substitution than GCM and most
>> TLS stacks already support AES-CBC.
>
> I support AES-CBC in my implementation, but don't yet support GCM,
> just as one more data point for your decision.

The situation is the same for GnuTLS, FWIW.

> However, is 128-bit AES as strong as 192-bit 3DES?

The effective key size for 3DES is only 112 bits, see also:
http://en.wikipedia.org/wiki/Triple_DES

/Simon
