Re: [TLS] [Cfrg] 3DES diediedie

"Hilarie Orman" <hilarie@purplestreak.com> Mon, 05 September 2016 19:07 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D55C112B27C; Mon, 5 Sep 2016 12:07:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pNZoykJwngEz; Mon, 5 Sep 2016 12:07:18 -0700 (PDT)
Received: from out03.mta.xmission.com (out03.mta.xmission.com [166.70.13.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4282512B456; Mon, 5 Sep 2016 12:07:18 -0700 (PDT)
Received: from in01.mta.xmission.com ([166.70.13.51]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1bgzEi-0004pt-3D; Mon, 05 Sep 2016 13:07:16 -0600
Received: from [72.250.219.84] (helo=rumpleteazer.rhmr.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1bgzEc-0001we-Er; Mon, 05 Sep 2016 13:07:15 -0600
Received: from rumpleteazer.rhmr.com (localhost [127.0.0.1]) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u85J6jCx012166; Mon, 5 Sep 2016 13:06:45 -0600
Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id u85J6jWT012165; Mon, 5 Sep 2016 13:06:45 -0600
Date: Mon, 05 Sep 2016 13:06:45 -0600
Message-Id: <201609051906.u85J6jWT012165@rumpleteazer.rhmr.com>
From: Hilarie Orman <hilarie@purplestreak.com>
To: tls@ietf.org, cfrg@irtf.org
In-reply-to: Yourmessage <CABrd9STOCbBo=g22XySRnWofHwVZkrC-ripZY38yLRZV2kQh3A@mail.gmail.com>
X-XM-SPF: eid=1bgzEc-0001we-Er; ; ; mid=<201609051906.u85J6jWT012165@rumpleteazer.rhmr.com>; ; ; hst=in01.mta.xmission.com; ; ; ip=72.250.219.84; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-AID: U2FsdGVkX1/SRaBJpfCJC5wPX5PVvARC
X-SA-Exim-Connect-IP: 72.250.219.84
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ;tls@ietf.org, cfrg@irtf.org
X-Spam-Relay-Country:
X-Spam-Timing: total 5182 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 3.7 (0.1%), b_tie_ro: 2.7 (0.1%), parse: 0.97 (0.0%), extract_message_metadata: 25 (0.5%), get_uri_detail_list: 2.5 (0.0%), tests_pri_-1000: 9 (0.2%), tests_pri_-950: 1.12 (0.0%), tests_pri_-900: 0.98 (0.0%), tests_pri_-400: 26 (0.5%), check_bayes: 25 (0.5%), b_tokenize: 7 (0.1%), b_tok_get_all: 8 (0.2%), b_comp_prob: 2.6 (0.1%), b_tok_touch_all: 4.0 (0.1%), b_finish: 0.76 (0.0%), tests_pri_0: 423 (8.2%), check_dkim_signature: 0.48 (0.0%), check_dkim_adsp: 171 (3.3%), tests_pri_500: 4689 (90.5%), poll_dns_idle: 4683 (90.4%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gwY-yJO9MSL8lrtxtebEedhJTz0>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2016 19:07:20 -0000

>  On 31 August 2016 at 20:48, Hilarie Orman <hilarie@purplestreak.com> wrote:

>  > >  From: Brian Sniffen <bsniffen@akamai.com>
>  >
>  > >  >>  From: Derek Atkins <derek@ihtfp.com>
>  > >  >>  Date: Wed, 31 Aug 2016 10:17:25 -0400
>  > >  >
>  > >  >>  "Steven M. Bellovin" <smb@cs.columbia.edu> writes:
>  > >  >
>  > >  >>  > Yes.  To a large extent, the "IoT devices are too puny for real
>  > >  >>  > crypto" is a hangover from several years ago. It was once true;
>  > for
>  > >  >>  > the most part, it isn't today, but people haven't flushed their
>  > cache
>  > >  >>  > from the old received wisdom.
>  > >  >
>  > >  >>  This is certainly true for AES, mostly because many small chips are
>  > >  >>  including AES accelerators in hardware.  It's not quite true for
>  > public
>  > >  >>  key solutions; there are still very small devices where even ECC
>  > takes
>  > >  >>  too long (and yes, there are cases where 200-400ms is still too
>  > long).
>  > >  >
>  > >  >>  > It pays to look again at David Wagner's slides from 2005, on
>  > sensor
>  > >  >>  > nets and crypto:
>  > >  >>  > https://people.eecs.berkeley.edu/~daw/talks/sens-oak05.pdf
>  > >  >>  >
>  > >  >
>  > >  > Unattended sensors with wifi present an unsolved crypto problem.  They
>  > >  > can last 10 years on an AA battery without crypto, probably well less
>  > >  > than a year if they have to do any kind of encryption.  These things
>  > >  > will be everywhere, providing the data that will underly all kinds of
>  > >  > decision-making.
>  >
>  > >  Assuming there are *some* integrity requirements for the data, and that
>  > >  they are deploying 32-bit ARM with AES support (stipulating that ~every
>  > >  CPU will have AES support in a few years, as ~every CPU sold does
>  > >  today), we're talking about *either* an ECDHE negotiation every few
>  > >  months or a pre-shared key, good for ten years.
>  >
>  > >  AES-GCM with hardware support compares favorably to SHA-2 without
>  > >  hardware support, so if they've been able to last 10 years before, they
>  > >  should do just fine in the future.  The old devices won't last forever,
>  > >  and probably can't run TLS 1.3---that's fine, TLS 1.2 will be with us
>  > >  for ten years after 1.3 is out.
>  >
>  > >  -Brian
>  >
>  > >  > Although much of the solution may lie in hardware innovation, the
>  > >  > world really does need minimal crypto algorithms.
>  > >  >
>  > >  > Hilarie
>  > >  >
>  >
>  > An ARM is far too much hardware to throw at "read sensor/munge data/send
>  > data".
>  >

>  The question is not "how much hardware?" but "price?" - with  ARMs
>  including h/w AES coming in at $2 for a single unit, its hard to explain
>  why you\d want to use a less powerful CPU...


>  >
>  > Hilarie
>  >

Power.

Hilarie