Re: [TLS] [Cfrg] 3DES diediedie

Brian Sniffen <bsniffen@akamai.com> Wed, 31 August 2016 17:20 UTC

Return-Path: <bsniffen@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2ED312D13F for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 10:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.249
X-Spam-Level:
X-Spam-Status: No, score=-3.249 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtgNMKcKCl7U for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 10:20:16 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id 615C112D10B for <tls@ietf.org>; Wed, 31 Aug 2016 10:20:16 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 04496200057; Wed, 31 Aug 2016 17:20:16 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id E27A320000B; Wed, 31 Aug 2016 17:20:15 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1472664015; bh=6+CGOPBd+GoUv3dIJtWtQ7DfIItuSMDQwA7sHS3rtVg=; l=2175; h=From:To:In-Reply-To:References:Date:From; b=TOtcinots3p6+qkpDJ2Pfxx7JF9j5m6vlFTztV4ueqUhQHf0lKF+/7mL/btUdvmq3 VUwPmLtTKq9O0f+tjNdFYVnKAD4+n/46LPPUhDwjFfnbEMuxOSXX2Q0IdStuR+a+T3 n8SHW3fLWd5uwT6u1mBU68x4S3NZ0be/iQELk9t4=
Received: from email.msg.corp.akamai.com (usma1ex-cas1.msg.corp.akamai.com [172.27.123.30]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id CA3591E084; Wed, 31 Aug 2016 17:20:15 +0000 (GMT)
Received: from usma1ex-dag3mb5.msg.corp.akamai.com (172.27.123.55) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 31 Aug 2016 10:20:15 -0700
Received: from USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) by usma1ex-dag3mb5.msg.corp.akamai.com (172.27.123.55) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 31 Aug 2016 10:20:15 -0700
Received: from bos-mpeve.kendall.corp.akamai.com (172.28.16.165) by USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) with Microsoft SMTP Server id 15.0.1178.4 via Frontend Transport; Wed, 31 Aug 2016 13:19:53 -0400
From: Brian Sniffen <bsniffen@akamai.com>
To: Hilarie Orman <hilarie@purplestreak.com>, <cfrg@irtf.org>, <tls@ietf.org>
In-Reply-To: <201608311655.u7VGtOt0027045@rumpleteazer.rhmr.com>
References: <201608311655.u7VGtOt0027045@rumpleteazer.rhmr.com>
User-Agent: Notmuch/0.22.1 (https://notmuchmail.org) Emacs/24.5.1 (x86_64-apple-darwin13.4.0)
Date: Wed, 31 Aug 2016 13:19:53 -0400
Message-ID: <m2lgzcyhxi.fsf@bos-mpeve.kendall.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/b4h-h58n2HeBQq4AVScXIERA8hg>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 17:20:17 -0000

Hilarie Orman <hilarie@purplestreak.com> writes:

>>  From: Derek Atkins <derek@ihtfp.com>
>>  Date: Wed, 31 Aug 2016 10:17:25 -0400
>
>>  "Steven M. Bellovin" <smb@cs.columbia.edu> writes:
>
>>  > Yes.  To a large extent, the "IoT devices are too puny for real
>>  > crypto" is a hangover from several years ago. It was once true; for
>>  > the most part, it isn't today, but people haven't flushed their cache
>>  > from the old received wisdom.
>
>>  This is certainly true for AES, mostly because many small chips are
>>  including AES accelerators in hardware.  It's not quite true for public
>>  key solutions; there are still very small devices where even ECC takes
>>  too long (and yes, there are cases where 200-400ms is still too long).
>
>>  > It pays to look again at David Wagner's slides from 2005, on sensor
>>  > nets and crypto:
>>  > https://people.eecs.berkeley.edu/~daw/talks/sens-oak05.pdf
>>  >
>
> Unattended sensors with wifi present an unsolved crypto problem.  They
> can last 10 years on an AA battery without crypto, probably well less
> than a year if they have to do any kind of encryption.  These things
> will be everywhere, providing the data that will underly all kinds of
> decision-making.

Assuming there are *some* integrity requirements for the data, and that
they are deploying 32-bit ARM with AES support (stipulating that ~every
CPU will have AES support in a few years, as ~every CPU sold does
today), we're talking about *either* an ECDHE negotiation every few
months or a pre-shared key, good for ten years.

AES-GCM with hardware support compares favorably to SHA-2 without
hardware support, so if they've been able to last 10 years before, they
should do just fine in the future.  The old devices won't last forever,
and probably can't run TLS 1.3---that's fine, TLS 1.2 will be with us
for ten years after 1.3 is out.

-Brian

> Although much of the solution may lie in hardware innovation, the
> world really does need minimal crypto algorithms.
>
> Hilarie
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls