Re: [TLS] [Cfrg] 3DES diediedie

"Hilarie Orman" <hilarie@purplestreak.com> Wed, 31 August 2016 19:48 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A435812D76A; Wed, 31 Aug 2016 12:48:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kb7oKJkXrJth; Wed, 31 Aug 2016 12:48:25 -0700 (PDT)
Received: from out03.mta.xmission.com (out03.mta.xmission.com [166.70.13.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9307712D763; Wed, 31 Aug 2016 12:48:25 -0700 (PDT)
Received: from in01.mta.xmission.com ([166.70.13.51]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1bfBUm-0004xP-FS; Wed, 31 Aug 2016 13:48:24 -0600
Received: from [72.250.219.84] (helo=rumpleteazer.rhmr.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1bfBUh-0006Gr-7y; Wed, 31 Aug 2016 13:48:24 -0600
Received: from rumpleteazer.rhmr.com (localhost [127.0.0.1]) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u7VJmCVo018787; Wed, 31 Aug 2016 13:48:12 -0600
Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id u7VJmChl018731; Wed, 31 Aug 2016 13:48:12 -0600
Date: Wed, 31 Aug 2016 13:48:12 -0600
Message-Id: <201608311948.u7VJmChl018731@rumpleteazer.rhmr.com>
From: "Hilarie Orman" <hilarie@purplestreak.com>
To: tls@ietf.org, cfrg@irtf.org
In-reply-to: Yourmessage <m2lgzcyhxi.fsf@bos-mpeve.kendall.corp.akamai.com>
X-XM-SPF: eid=1bfBUh-0006Gr-7y; ; ; mid=<201608311948.u7VJmChl018731@rumpleteazer.rhmr.com>; ; ; hst=in01.mta.xmission.com; ; ; ip=72.250.219.84; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-AID: U2FsdGVkX1+5F8eDz/iICr5a6fraBVca
X-SA-Exim-Connect-IP: 72.250.219.84
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ;tls@ietf.org, cfrg@irtf.org
X-Spam-Relay-Country:
X-Spam-Timing: total 4804 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 3.4 (0.1%), b_tie_ro: 2.4 (0.1%), parse: 0.68 (0.0%), extract_message_metadata: 21 (0.4%), get_uri_detail_list: 2.0 (0.0%), tests_pri_-1000: 8 (0.2%), tests_pri_-950: 1.22 (0.0%), tests_pri_-900: 1.01 (0.0%), tests_pri_-400: 24 (0.5%), check_bayes: 23 (0.5%), b_tokenize: 6 (0.1%), b_tok_get_all: 9 (0.2%), b_comp_prob: 2.8 (0.1%), b_tok_touch_all: 3.8 (0.1%), b_finish: 0.69 (0.0%), tests_pri_0: 255 (5.3%), check_dkim_signature: 0.48 (0.0%), check_dkim_adsp: 6 (0.1%), tests_pri_500: 4488 (93.4%), poll_dns_idle: 4480 (93.3%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iqp19geEw-ugLmk6ABDFWnIqOGk>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 19:48:27 -0000

>  From: Brian Sniffen <bsniffen@akamai.com>

>  >>  From: Derek Atkins <derek@ihtfp.com>
>  >>  Date: Wed, 31 Aug 2016 10:17:25 -0400
>  >
>  >>  "Steven M. Bellovin" <smb@cs.columbia.edu> writes:
>  >
>  >>  > Yes.  To a large extent, the "IoT devices are too puny for real
>  >>  > crypto" is a hangover from several years ago. It was once true; for
>  >>  > the most part, it isn't today, but people haven't flushed their cache
>  >>  > from the old received wisdom.
>  >
>  >>  This is certainly true for AES, mostly because many small chips are
>  >>  including AES accelerators in hardware.  It's not quite true for public
>  >>  key solutions; there are still very small devices where even ECC takes
>  >>  too long (and yes, there are cases where 200-400ms is still too long).
>  >
>  >>  > It pays to look again at David Wagner's slides from 2005, on sensor
>  >>  > nets and crypto:
>  >>  > https://people.eecs.berkeley.edu/~daw/talks/sens-oak05.pdf
>  >>  >
>  >
>  > Unattended sensors with wifi present an unsolved crypto problem.  They
>  > can last 10 years on an AA battery without crypto, probably well less
>  > than a year if they have to do any kind of encryption.  These things
>  > will be everywhere, providing the data that will underly all kinds of
>  > decision-making.

>  Assuming there are *some* integrity requirements for the data, and that
>  they are deploying 32-bit ARM with AES support (stipulating that ~every
>  CPU will have AES support in a few years, as ~every CPU sold does
>  today), we're talking about *either* an ECDHE negotiation every few
>  months or a pre-shared key, good for ten years.

>  AES-GCM with hardware support compares favorably to SHA-2 without
>  hardware support, so if they've been able to last 10 years before, they
>  should do just fine in the future.  The old devices won't last forever,
>  and probably can't run TLS 1.3---that's fine, TLS 1.2 will be with us
>  for ten years after 1.3 is out.

>  -Brian

>  > Although much of the solution may lie in hardware innovation, the
>  > world really does need minimal crypto algorithms.
>  >
>  > Hilarie
>  >

An ARM is far too much hardware to throw at "read sensor/munge data/send data".

Hilarie