Re: [TLS] A la carte handshake negotiation
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 22 July 2015 10:27 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E59CC1AD241 for <tls@ietfa.amsl.com>; Wed, 22 Jul 2015 03:27:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 38ARP4kzSTyg for <tls@ietfa.amsl.com>; Wed, 22 Jul 2015 03:27:28 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C25E1AD16B for <tls@ietf.org>; Wed, 22 Jul 2015 03:27:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1437560848; x=1469096848; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=sB3xcGlB3L2ctmun/t5ZrAZDs49BYKodOGixO33YiHA=; b=KEHCGhMLNwhpCrka5FkAbxUe+s8GGAq34D0dVFYDvu+FY02I0PsehVMF jPd256h4TohGXtWhXOxY7RCzkrb524iIAJAzBvi/W3dGkMQoSq3xS2Rt0 6llxQevZJLplePtW0RlIhlfxDQGhmIwXalw+j+W7yf5l7MqLxgtlKbh3x ycfq0HRVVfSMaRkgbQIfpO4wjmH3RxuP4E0MQN4jvLCvA04rQ9zSN4taB Voe0SylQHqVPQ55IkUSlFH4avIFrvnOupEnKi+PCSbJ/2+owxN6t1fo9g TEjEDRocLRX89WORiYxVslFn+FsNhtJPgVZwBThfcT/0uCRjsOYKsb5tt Q==;
X-IronPort-AV: E=Sophos;i="5.15,522,1432555200"; d="scan'208";a="29939116"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.112 - Outgoing - Outgoing
Received: from uxchange10-fe1.uoa.auckland.ac.nz ([130.216.4.112]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 22 Jul 2015 22:27:24 +1200
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.151]) by uxchange10-fe1.UoA.auckland.ac.nz ([130.216.4.112]) with mapi id 14.03.0174.001; Wed, 22 Jul 2015 22:27:23 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [TLS] A la carte handshake negotiation
Thread-Index: AQHQwlRUbbvimOYW+0W0bK2NXNrprp3iW/eAgAAXkICAA4OIAIAAcfAAgAAHbYCAAAQxgIAA10qJ
Date: Wed, 22 Jul 2015 10:27:23 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73AB068BE4@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <201506111558.21577.davemgarrett@gmail.com> <CABcZeBPJUXdhER3qLiq0e_wK4bxCxw6D+Oq+3ZFXGeo6Bn1sXw@mail.gmail.com> <201507191622.47921.davemgarrett@gmail.com> <201507212202.21120.davemgarrett@gmail.com> <CAJU8_nUHMQAMKs15uVz=wsO4VnDp+chKPP36Q7QeR8hhD5vorQ@mail.gmail.com> <CABkgnnX_-1UO75xPyMOYJh2xoCU20Uee97YtB0t0Sae70ZfYFw@mail.gmail.com>, <20150722093143.GA7186@LK-Perkele-VII>
In-Reply-To: <20150722093143.GA7186@LK-Perkele-VII>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Y1T5Gmpm0BAn-uIg1zEVUU1ZEdc>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] A la carte handshake negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2015 10:27:34 -0000
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> writes: >Furthermore, comparing the strengths of kex, auth, ciphering and PRF seems >like comparing apples, orangles, pears and kumquants. > >Even if the nominal strengths are the same, the scaling of strengths is going >to be different (e.g. the quadric vs. linear sub-treshold scaling for ECDH vs. >symmetric). +1. It's just more numerology: (In case you're wondering why you shouldn't go straight to 2048 bits, this is another piece of cryptographic numerology that arises from the confusing idea of algorithm pairings, that every conventional encryption algorithm or key size has to be somehow matched up to a public-key algorithm key size. Since conventional encryption algorithms generally have the property that every single bit added to the key doubles the work factor needed to break it by brute force while public-key algorithms don't, this means that attempts to pair conventional-encryption with public-key sizes leads to insanely large public keys as the conventional-encryption key sizes get larger. Using any known technology it's unlikely that humans can ever get beyond about 2^^100 operations, which means that common key sizes of 112 bits (triple DES), 128 bits (AES), 192 bits (AES again), and 256 bits (yet more AES, because you can never have too many key sizes) are all equally unbreakable, and yet the desire for algorithm pairing means that we're supposed to go to public-key sizes of 2048, 3072, 7680, and 15,360 bits respectively for all of these equally-unbreakable conventional key sizes ["Recommendations for Key Management --- Part 1: General", Elaine Barker, William Barker, William Burr, William Polk and Miles Smid, NIST Special Publication 800-57, 9 July 2012]. This is a good example of the strange places that cryptographic numerology can lead you if you believe in it too fervently). So really the table of key sizes should be: Conventional RSA/DH --------------- ------ 100 bits 1536 bits 112 (ie. > 100) 1536 bits 128 (ie. > 100) 1536 bits 192 (ie. > 100) 1536 bits 256 (ie. > 100) 1536 bits Anything > 100 1536 bits Peter.
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Aaron Zauner
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Aaron Zauner
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- [TLS] ECDH_anon I-D (was: A la carte handshake ne… Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Salz, Rich
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Salz, Rich
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Daniel Kahn Gillmor
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Daniel Kahn Gillmor
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Peter Gutmann
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Manuel Pegourie-Gonnard
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Kyle Rose
- Re: [TLS] A la carte handshake negotiation Martin Thomson
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Peter Gutmann
- Re: [TLS] A la carte handshake negotiation Kyle Rose
- Re: [TLS] A la carte handshake negotiation Peter Gutmann