Re: [TLS] [Cfrg] 3DES diediedie

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 28 August 2016 12:26 UTC

To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "David McGrew (mcgrew)" <mcgrew@cisco.com>, Tony Arcieri <bascule@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
References: <CAHOTMV+r5PVxqnSozYyqJqq_YocMKV06aAa-43t+5Huzh7Lo=A@mail.gmail.com> <F42128A0-9682-4042-8C7E-E3686743B314@cisco.com> <9A043F3CF02CD34C8E74AC1594475C73F4D0473F@uxcn10-5.UoA.auckland.ac.nz> <B749662D-B518-46E0-A51D-4AD1D30A8ED2@cisco.com> <9A043F3CF02CD34C8E74AC1594475C73F4D0528F@uxcn10-5.UoA.auckland.ac.nz>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <b2fb4b70-7b65-2d6c-2073-c9db8d86f608@cs.tcd.ie>
Date: Sun, 28 Aug 2016 13:26:07 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lb1J6i3-cSaR9OF0UTgJlmJduUM>

Peter,

On 28/08/16 13:01, Peter Gutmann wrote:
> David McGrew (mcgrew) <mcgrew@cisco.com> writes:
> 
>> I don’t think you understood my point. IoT is about small devices connecting
>> to the Internet, and IETF standards should expect designed-for-IoT crypto to
>> be increasingly in scope.  It is important to not forget about these devices,
>> amidst the current attention being paid to misuses of 64-bit block ciphers,
>> which was the ultimate cause of this mail thread.
> 
> But the IETF has a long history of creating standards that completely ignore
> IoT.  

IIRC the IoT marketing term doesn't have a very long history so I
don't really know what substance lies behind that remark.

> I can't think of a single general-purpose IETF security standard (TLS,
> SSH, IPsec, etc) that has any hope of working with IoT devices (say a 40Mhz
> ARM-core ASIC with 32kB RAM and 64kB flash).  This is why the ITU/IEC and a
> million lesser-known standards bodies are all busy inventing their own
> exquisitely homebrew crypto protocols, most of which make WEP look like a
> model of good design.
> 
> (I've always wanted to sit down and design a generic "encrypted pipe from A to
> B using minimal resources" spec, and I'm sure many other people have had the
> same thought at one time or another).

Then why don't you do that? If others found it useful, then I'm sure
they'd want to use it and there'd be support for it in the IETF. (And
to be clear, I don't think your lts draft for TLS matches the above.)

One wrinkle though is that it seems that there's a real demand for
an "encrypted pipe from A to B and hundreds of others using minimal
resources" spec - I'm not sure that the two party version is really
the main missing spec here.

S.

> 
> So it seems like you've got:
> 
> - The "TLS = the web" crowd (browser vendors and the like) who will implement
>   whatever's trendy at the moment and assume everyone has a quad-core 2GHz CPU
>   with gigabytes of RAM and access to weekly live updates and hotfixes.
> 
> - Embedded/SCADA folks who need to deal with 10-15 year product cycles (see my
>   TLS-LTS draft for more on this) and are kind of stuck.
> 
> - IoT people, who can't use any standard protocol and will get the least
>   unqualified person on staff to invent something that seems OK to them.
> 
> I'm not sure that a draft on theoretical weaknesses in 64-bit block ciphers is
> going to affect any of those...
> 
> Peter.