Re: [TLS] Comparative cipher suite strengths

<Michael.G.Williams@nokia.com> Wed, 22 April 2009 14:43 UTC

Return-Path: <Michael.G.Williams@nokia.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D39B83A6D6A for <tls@core3.amsl.com>; Wed, 22 Apr 2009 07:43:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.524
X-Spam-Level:
X-Spam-Status: No, score=-6.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qvR-SbchDIF7 for <tls@core3.amsl.com>; Wed, 22 Apr 2009 07:43:23 -0700 (PDT)
Received: from mgw-mx06.nokia.com (smtp.nokia.com [192.100.122.233]) by core3.amsl.com (Postfix) with ESMTP id 688303A6F14 for <tls@ietf.org>; Wed, 22 Apr 2009 07:43:23 -0700 (PDT)
Received: from vaebh105.NOE.Nokia.com (vaebh105.europe.nokia.com [10.160.244.31]) by mgw-mx06.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id n3MEiJp0001829; Wed, 22 Apr 2009 17:44:26 +0300
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by vaebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 22 Apr 2009 17:44:28 +0300
Received: from vaebh101.NOE.Nokia.com ([10.160.244.22]) by esebh102.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 22 Apr 2009 17:44:27 +0300
Received: from smtp.mgd.nokia.com ([65.54.30.6]) by vaebh101.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 22 Apr 2009 17:44:22 +0300
Received: from nok-am1mhub-06.mgdnok.nokia.com (65.54.30.10) by NOK-am1MHUB-02.mgdnok.nokia.com (65.54.30.6) with Microsoft SMTP Server (TLS) id 8.1.340.0; Wed, 22 Apr 2009 16:44:22 +0200
Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.86]) by nok-am1mhub-06.mgdnok.nokia.com ([65.54.30.10]) with mapi; Wed, 22 Apr 2009 16:44:11 +0200
From: Michael.G.Williams@nokia.com
To: smb@cs.columbia.edu, ekr@networkresonance.com
Date: Wed, 22 Apr 2009 16:44:06 +0200
Thread-Topic: [TLS] Comparative cipher suite strengths
Thread-Index: AcnDVeLJNiWn+iPoT0mVmdmAF92AUwAAk+Ig
Message-ID: <E10EF1DF7E0888498EB1A82965214D3427F137C4DF@NOK-EUMSG-01.mgdnok.nokia.com>
References: <90E934FC4BBC1946B3C27E673B4DB0E46A6136F31C@LLE2K7-BE01.mitll.ad.local> <20090422134627.C58A718852A@kilo.networkresonance.com> <20090422100123.4bc39978@cs.columbia.edu> <20090422141411.4E310188553@kilo.networkresonance.com> <20090422102230.0f29cf54@cs.columbia.edu>
In-Reply-To: <20090422102230.0f29cf54@cs.columbia.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 22 Apr 2009 14:44:22.0843 (UTC) FILETIME=[D36CC8B0:01C9C358]
X-Nokia-AV: Clean
Cc: tls@ietf.org
Subject: Re: [TLS] Comparative cipher suite strengths
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2009 14:43:24 -0000

Just FYI, in IEEE 802 there was a lengthy discussion to try and reach a shorthand way of expressing the relative strength of each suite as expressed in the NIST lists. The shorthand was to be used in a network information IE, and in mobile device policy when evaluating which networks to attach to. No conclusion on how to do it was reached, so that approach was abandoned.

Kind Regards,
Michael


-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of ext Steven M. Bellovin
Sent: 22 April, 2009 07:23
To: Eric Rescorla
Cc: 'tls@ietf.org'
Subject: Re: [TLS] Comparative cipher suite strengths

On Wed, 22 Apr 2009 07:14:11 -0700
Eric Rescorla <ekr@networkresonance.com> wrote:

> > Second, 1024-bit RSA is a much weaker link than 128-bit AES *today*
> > -- they should switch to 2048- or 3072-bit RSA even if they stick 
> > with 128-bit AES.
> 
> This I only sort of agree with: symmetric algorithms come in 
> relatively rough granularity. If I was happy with 80 bits of security 
> (which is apparently what NIST claims for RSA-1024, though I've also 
> heard 72), then there's no good reason to make my PK much slower just 
> b/c NIST has declined to give me an 80-bit algorithm.
> 
Assuming, of course, that people realized how weak 1024-bit RSA is, you're right.  Did people realize that?  *Do* people realize it?  When I look at the number of CA certs in my browser that use 1024-bit keys, I worry...

		--Steve Bellovin, http://www.cs.columbia.edu/~smb _______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls