Re: [TLS] [Cfrg] 3DES diediedie
Brian Sniffen <bsniffen@akamai.com> Wed, 31 August 2016 17:20 UTC
Return-Path: <bsniffen@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2ED312D13F for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 10:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.249
X-Spam-Level:
X-Spam-Status: No, score=-3.249 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtgNMKcKCl7U for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 10:20:16 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id 615C112D10B for <tls@ietf.org>; Wed, 31 Aug 2016 10:20:16 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 04496200057; Wed, 31 Aug 2016 17:20:16 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id E27A320000B; Wed, 31 Aug 2016 17:20:15 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1472664015; bh=6+CGOPBd+GoUv3dIJtWtQ7DfIItuSMDQwA7sHS3rtVg=; l=2175; h=From:To:In-Reply-To:References:Date:From; b=TOtcinots3p6+qkpDJ2Pfxx7JF9j5m6vlFTztV4ueqUhQHf0lKF+/7mL/btUdvmq3 VUwPmLtTKq9O0f+tjNdFYVnKAD4+n/46LPPUhDwjFfnbEMuxOSXX2Q0IdStuR+a+T3 n8SHW3fLWd5uwT6u1mBU68x4S3NZ0be/iQELk9t4=
Received: from email.msg.corp.akamai.com (usma1ex-cas1.msg.corp.akamai.com [172.27.123.30]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id CA3591E084; Wed, 31 Aug 2016 17:20:15 +0000 (GMT)
Received: from usma1ex-dag3mb5.msg.corp.akamai.com (172.27.123.55) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 31 Aug 2016 10:20:15 -0700
Received: from USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) by usma1ex-dag3mb5.msg.corp.akamai.com (172.27.123.55) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 31 Aug 2016 10:20:15 -0700
Received: from bos-mpeve.kendall.corp.akamai.com (172.28.16.165) by USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) with Microsoft SMTP Server id 15.0.1178.4 via Frontend Transport; Wed, 31 Aug 2016 13:19:53 -0400
From: Brian Sniffen <bsniffen@akamai.com>
To: Hilarie Orman <hilarie@purplestreak.com>, cfrg@irtf.org, tls@ietf.org
In-Reply-To: <201608311655.u7VGtOt0027045@rumpleteazer.rhmr.com>
References: <201608311655.u7VGtOt0027045@rumpleteazer.rhmr.com>
User-Agent: Notmuch/0.22.1 (https://notmuchmail.org) Emacs/24.5.1 (x86_64-apple-darwin13.4.0)
Date: Wed, 31 Aug 2016 13:19:53 -0400
Message-ID: <m2lgzcyhxi.fsf@bos-mpeve.kendall.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/b4h-h58n2HeBQq4AVScXIERA8hg>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 17:20:17 -0000
Hilarie Orman <hilarie@purplestreak.com> writes: >> From: Derek Atkins <derek@ihtfp.com> >> Date: Wed, 31 Aug 2016 10:17:25 -0400 > >> "Steven M. Bellovin" <smb@cs.columbia.edu> writes: > >> > Yes. To a large extent, the "IoT devices are too puny for real >> > crypto" is a hangover from several years ago. It was once true; for >> > the most part, it isn't today, but people haven't flushed their cache >> > from the old received wisdom. > >> This is certainly true for AES, mostly because many small chips are >> including AES accelerators in hardware. It's not quite true for public >> key solutions; there are still very small devices where even ECC takes >> too long (and yes, there are cases where 200-400ms is still too long). > >> > It pays to look again at David Wagner's slides from 2005, on sensor >> > nets and crypto: >> > https://people.eecs.berkeley.edu/~daw/talks/sens-oak05.pdf >> > > > Unattended sensors with wifi present an unsolved crypto problem. They > can last 10 years on an AA battery without crypto, probably well less > than a year if they have to do any kind of encryption. These things > will be everywhere, providing the data that will underly all kinds of > decision-making. Assuming there are *some* integrity requirements for the data, and that they are deploying 32-bit ARM with AES support (stipulating that ~every CPU will have AES support in a few years, as ~every CPU sold does today), we're talking about *either* an ECDHE negotiation every few months or a pre-shared key, good for ten years. AES-GCM with hardware support compares favorably to SHA-2 without hardware support, so if they've been able to last 10 years before, they should do just fine in the future. The old devices won't last forever, and probably can't run TLS 1.3---that's fine, TLS 1.2 will be with us for ten years after 1.3 is out. -Brian > Although much of the solution may lie in hardware innovation, the > world really does need minimal crypto algorithms. > > Hilarie > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Benjamin Kaduk
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Viktor Dukhovni
- Re: [TLS] 3DES diediedie Peter Gutmann
- Re: [TLS] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie John Mattsson
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] [Cfrg] 3DES diediedie david wong
- Re: [TLS] [Cfrg] 3DES diediedie Eric Rescorla
- Re: [TLS] [Cfrg] 3DES diediedie Ira McDonald
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] 3DES diediedie Geoffrey Keating
- Re: [TLS] 3DES diediedie Dmitry Belyavsky
- Re: [TLS] [Cfrg] 3DES diediedie Stanislav V. Smyshlyaev
- Re: [TLS] 3DES diediedie Hanno Böck
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Watson Ladd
- Re: [TLS] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Karthikeyan Bhargavan
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie John Mattsson
- [TLS] (confusing the issues) Re: [Cfrg] 3DES died… Rene Struik
- Re: [TLS] [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [TLS] (confusing the issues) Re: [Cfrg] 3DES … Dave Garrett
- Re: [TLS] [Cfrg] 3DES diediedie Jon Callas
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Jon Callas
- Re: [TLS] [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Rene Struik
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Greg Rose
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Brian Sniffen
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose
- Re: [TLS] 3DES diediedie Richard Hartmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Ben Laurie
- Re: [TLS] [Cfrg] 3DES diediedie Ben Laurie
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Dave Garrett
- Re: [TLS] [Cfrg] 3DES diediedie Ira McDonald
- Re: [TLS] [Cfrg] 3DES diediedie Philip Levis
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [TLS] [Cfrg] 3DES diediedie Richard Hartmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Salz, Rich
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Yoav Nir
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose