Re: [TLS] security levels for TLS
Nicolas Williams <Nicolas.Williams@sun.com> Thu, 11 October 2007 16:23 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ig0oi-0000Ys-Un; Thu, 11 Oct 2007 12:23:20 -0400
Received: from tls by megatron.ietf.org with local (Exim 4.43) id 1Ig0oh-0000Yi-Lr for tls-confirm+ok@megatron.ietf.org; Thu, 11 Oct 2007 12:23:19 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ig0oh-0000YZ-CK for tls@lists.ietf.org; Thu, 11 Oct 2007 12:23:19 -0400
Received: from sca-ea-mail-4.sun.com ([192.18.43.22]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Ig0nd-0000s1-0b for tls@lists.ietf.org; Thu, 11 Oct 2007 12:23:19 -0400
Received: from centralmail4brm.Central.Sun.COM ([129.147.62.198]) by sca-ea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l9BGLt4i017697 for <tls@lists.ietf.org>; Thu, 11 Oct 2007 16:21:55 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by centralmail4brm.Central.Sun.COM (8.13.6+Sun/8.13.6/ENSMAIL, v2.2) with ESMTP id l9BGLs2u029507 for <tls@lists.ietf.org>; Thu, 11 Oct 2007 10:21:54 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id l9BGLsoW027048; Thu, 11 Oct 2007 11:21:54 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id l9BGLrPn027047; Thu, 11 Oct 2007 11:21:53 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Thu, 11 Oct 2007 11:21:53 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Eric Rescorla <ekr@networkresonance.com>
Subject: Re: [TLS] security levels for TLS
Message-ID: <20071011162153.GO24532@Sun.COM>
References: <c331d99a0710080621g7c0ec91et35c46553c23f4402@mail.gmail.com> <p0624082fc331b0ed0ecc@[192.168.1.100]> <FA998122A677CF4390C1E291BFCF59890849871E@EXCH.missi.ncsc.mil> <470D0243.3050009@pobox.com> <20071010180324.7ABC533C21@delta.rtfm.com> <470E4399.3010008@pobox.com> <20071011155829.965C733C28@delta.rtfm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20071011155829.965C733C28@delta.rtfm.com>
User-Agent: Mutt/1.5.7i
X-Spam-Score: -1.0 (-)
X-Scan-Signature: 7aafa0432175920a4b3e118e16c5cb64
Cc: tls@lists.ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
On Thu, Oct 11, 2007 at 08:58:27AM -0700, Eric Rescorla wrote: > At Thu, 11 Oct 2007 08:39:05 -0700, > Mike wrote: > > > > I think there is good reason to try to solve this problem > > in the TLS layer. The alternative is to force every TLS- > > enabled application to solve it (and likely they won't > > solve it and be less secure). Wouldn't it be ideal if an > > application could just say: > > > > TLS::SetSecurityLevel (3); > > No, it would not, because, I've now said several times, security is > not expressible via a single metric, making this a complete rathole. Agreed. SASL used to have a notion of "security strength factor" (SSF), and that was a disaster. You cannot calculate an _absolute_ and _objective_ measure of security for anything, least of all cryptographic algorithms subject to future cryptanalytic advances (i.e., all of them). (Don't even mention future quantum computers.) Basically, the best you could do is have an application choose a cryptographic profile by descriptive names like "strong" and "fast," but where the content of such profiles is subject to change over time, and perhaps even a local matter. Today "strong" might mean AES-128 is OK, and tomorrow it might mean only AES-256 is OK, and the next day it might mean something else, and so on. > > Currently an application has to do the following: > > > > Again, do you have any evidence this is a problem in practice. > I appreciate it's a potential problem *in theory* but that's > not the same thing. The easy answer is to give the application fewer choices, namely a choice of locally-configured profiles (see above). In fact, I strongly urge TLS API developers to provide such a facility. > And again, this is an API/local isssue. IETF doesn't do > those. There you go again. The IETF most certainly deals in APIs. Though in this case I think the IETF need not have any specifications requiring or recommending a facility like I describe above. If it helps ward off requests for silly things like "security strength factors" and those are common enough, then perhaps we should indeed have an information RFC explaining why we can't and what developers can do instead. Nico -- _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Yngve Nysaeter Pettersen
- Re: [TLS] security levels for TLS Paul Hoffman
- RE: [TLS] security levels for TLS Kemp, David P.
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Steven M. Bellovin
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Paul Hoffman
- Re: [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Paul Hoffman