Re: [TLS] 3DES diediedie
Tony Arcieri <bascule@gmail.com> Thu, 25 August 2016 03:38 UTC
Return-Path: <bascule@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3836512D5C5 for <tls@ietfa.amsl.com>; Wed, 24 Aug 2016 20:38:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVxAReEeJ6vz for <tls@ietfa.amsl.com>; Wed, 24 Aug 2016 20:38:09 -0700 (PDT)
Received: from mail-ua0-x235.google.com (mail-ua0-x235.google.com [IPv6:2607:f8b0:400c:c08::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F71C12D0B0 for <tls@ietf.org>; Wed, 24 Aug 2016 20:38:09 -0700 (PDT)
Received: by mail-ua0-x235.google.com with SMTP id k90so63328875uak.1 for <tls@ietf.org>; Wed, 24 Aug 2016 20:38:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=L0/J7IBG4p1Okp7VDG2HErfRhXz/SMdjWyO88gYSHXU=; b=DibTq7wnU3Tp2mGz6/qO7m/od4DmwBc5b9TrNWj0IAZ4g2RSnHqsjYZrRtkpalCiIN OBzdMXN+7YeLZ0gMIyzNoA4/tTJkOqe2QDpVn/IzzGwJoJs6myYHiqbd4PWz/1G3/Wfl RxSqGavK+Us1XAg1v0JufpWBCfislViWlUf0svZS5Q6K9JPafpC7sVA8xJ9gUwOa/Bp9 iH90tcOCL/jSxXi6jUTW7Z+i9Atpcl+lBiHca1Nk+1UnCqmf3FPHGnjq3tkm9ARTMhWE Nlr4e0z/Yp04hglERjRmdcFzwtJKoZZlEbtOqScjIEUgiPWh83U7ed7kCgwYZ5yQ66zc jCdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=L0/J7IBG4p1Okp7VDG2HErfRhXz/SMdjWyO88gYSHXU=; b=advUs9EGaHKYh9yzi+v00BlWq8PPBY7j+mBWU27PN5Woc0uBvaX5NEOskusmvBJn6B 9/iIkKQTJWQt8c+DF7TAf2fIFTa3+zhAB62NfQU6HCBW1TBzkuCkvpwl/pskEiESQ4MA Yx+2s3QDLGPv3m+/teFkne3doapP8SjUupUSPxxeZa8iO5QHNgiA3grtuGxG5ArHeAKi 8VP8a38Z8GEVVOWvhYVAyYBhmDpCd4g3iyYWY1ZmItqoY/QV2Oxf6iXq+Q/LWcEn/SH2 lrX74kordooDV9wNOcXwQeZ7BkYOkzwY0PJpBF07LkIiCWyMLOO9Pobhm9g/P6kmB/31 mdLw==
X-Gm-Message-State: AEkooutqjjaUc/jqHlwvtPWlCl/Yeaw6RbOs03HcX0o20pYhFRYHM3RkOWrUiBAkO+6iaTWDp6avWhDWJq2sjw==
X-Received: by 10.31.110.135 with SMTP id j129mr3700537vkc.81.1472096288166; Wed, 24 Aug 2016 20:38:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.82.27 with HTTP; Wed, 24 Aug 2016 20:37:47 -0700 (PDT)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4D01F6E@uxcn10-5.UoA.auckland.ac.nz>
References: <CAHOTMV+r5PVxqnSozYyqJqq_YocMKV06aAa-43t+5Huzh7Lo=A@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4D01F6E@uxcn10-5.UoA.auckland.ac.nz>
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 24 Aug 2016 20:37:47 -0700
Message-ID: <CAHOTMVKyub+J0Vx+UryDEAHdJRYRTmZ1wvLmEBkSor7pOrXy_w@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: multipart/alternative; boundary="94eb2c14acf2551280053add208e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QjCvO12Xr9tWQ4iI1j6UPfQWFZ0>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2016 03:38:10 -0000
On Wed, Aug 24, 2016 at 8:28 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: > Only if there's an actualy issue. 3DES is still very widely supported > (particularly in financial systems and embedded) As someone who works professionally in the payments industry alongside people who are directly implementing EMV protocols, let me note: those are not IETF protocols and should not have bearing on IETF/IRTF decisions regarding deprecations of protocols in TLS or other IETF protocols. But I'm mainly concerned with TLS... and provides a useful backup to AES. So does ChaCha20. > An attack that recovers cookie if you can record 785GB of traffic isn't > anything I'm losing any sleep over. ..but is not a terribly dissimilar traffic volume to recover plaintexts from similar attacks against RC4, which received "diediedie" in RFC7465. Perhaps notable is the RC4 attacks work across multiple session keys, whereas SWEET32 requires the same key, but I think the practical consequences regarding data volume limits are similar. -- Tony Arcieri
- [TLS] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Benjamin Kaduk
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Viktor Dukhovni
- Re: [TLS] 3DES diediedie Peter Gutmann
- Re: [TLS] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie John Mattsson
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] [Cfrg] 3DES diediedie david wong
- Re: [TLS] [Cfrg] 3DES diediedie Eric Rescorla
- Re: [TLS] [Cfrg] 3DES diediedie Ira McDonald
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] 3DES diediedie Geoffrey Keating
- Re: [TLS] 3DES diediedie Dmitry Belyavsky
- Re: [TLS] [Cfrg] 3DES diediedie Stanislav V. Smyshlyaev
- Re: [TLS] 3DES diediedie Hanno Böck
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Watson Ladd
- Re: [TLS] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Karthikeyan Bhargavan
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie John Mattsson
- [TLS] (confusing the issues) Re: [Cfrg] 3DES died… Rene Struik
- Re: [TLS] [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [TLS] (confusing the issues) Re: [Cfrg] 3DES … Dave Garrett
- Re: [TLS] [Cfrg] 3DES diediedie Jon Callas
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Jon Callas
- Re: [TLS] [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Rene Struik
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Greg Rose
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Brian Sniffen
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose
- Re: [TLS] 3DES diediedie Richard Hartmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Ben Laurie
- Re: [TLS] [Cfrg] 3DES diediedie Ben Laurie
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Dave Garrett
- Re: [TLS] [Cfrg] 3DES diediedie Ira McDonald
- Re: [TLS] [Cfrg] 3DES diediedie Philip Levis
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [TLS] [Cfrg] 3DES diediedie Richard Hartmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Salz, Rich
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Yoav Nir
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose