Re: [TLS] Question about TLS_RSA_WITH_3DES_EDE_CBC_SHA

Stefan Winter <stefan.winter@restena.lu> Mon, 04 July 2011 12:29 UTC

Return-Path: <stefan.winter@restena.lu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F11D721F8630 for <tls@ietfa.amsl.com>; Mon, 4 Jul 2011 05:29:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wkbQ5UjJNdBL for <tls@ietfa.amsl.com>; Mon, 4 Jul 2011 05:29:12 -0700 (PDT)
Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id 58D6521F8624 for <tls@ietf.org>; Mon, 4 Jul 2011 05:29:12 -0700 (PDT)
Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id C57B110584 for <tls@ietf.org>; Mon, 4 Jul 2011 14:29:09 +0200 (CEST)
Received: from [IPv6:2001:a18:1:8::155] (unknown [IPv6:2001:a18:1:8::155]) by smtprelay.restena.lu (Postfix) with ESMTPS id 85C9E10582 for <tls@ietf.org>; Mon, 4 Jul 2011 14:29:09 +0200 (CEST)
Message-ID: <4E11B217.4060504@restena.lu>
Date: Mon, 04 Jul 2011 14:29:11 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: tls@ietf.org
X-Enigmail-Version: 1.2
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig539B81CE3760FC97ED8A89CF"
X-Virus-Scanned: ClamAV
Subject: Re: [TLS] Question about TLS_RSA_WITH_3DES_EDE_CBC_SHA
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 12:29:13 -0000

Hello,

there I was, naively hoping for a simple "Yes or No" answer :-)

My hopefully acceptable takeaway of this thread is that
TLS_RSA_WITH_3DES_EDE_CBC_SHA *supports* three-key operation, which
would be acceptable as per NIST.

I understand there is also a *risk* that if the dice fall very badly,
the actual encryption strength in that specific TLS session may exhibit
weaker cryptographic strength.

Thanks to all who responded!

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473