Re: [TLS] Comparative cipher suite strengths
Dean Anderson <dean@av8.com> Tue, 05 May 2009 20:22 UTC
Return-Path: <dean@av8.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 55BEB3A69BB for <tls@core3.amsl.com>; Tue, 5 May 2009 13:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[AWL=-1.244, BAYES_20=-0.74, SARE_OBFU_ALL=0.751]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7eAq-sqAfSo for <tls@core3.amsl.com>; Tue, 5 May 2009 13:22:31 -0700 (PDT)
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) by core3.amsl.com (Postfix) with ESMTP id 3F5A13A682E for <tls@ietf.org>; Tue, 5 May 2009 13:22:31 -0700 (PDT)
Received: from citation2.av8.net (citation2.av8.net [130.105.12.10]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id n45KNmLQ002315 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Tue, 5 May 2009 16:23:49 -0400
Date: Tue, 05 May 2009 16:23:48 -0400
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
In-Reply-To: <Pine.LNX.4.44.0905051513320.20344-100000@citation2.av8.net>
Message-ID: <Pine.LNX.4.44.0905051618230.20344-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: tls@ietf.org
Subject: Re: [TLS] Comparative cipher suite strengths
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2009 20:22:32 -0000
I think this Schnier "Cryptogram" is particularly insightful on the subject of Snake oil, and even mentions the issue of AES key lengths. I found it by googling for "JAWS L5 Meganet". :-) http://www.ussrback.com/crypto/misc/cryptogram-021599.txt --Dean On Tue, 5 May 2009, Dean Anderson wrote: > On Tue, 5 May 2009, Peter Gutmann wrote: > > > "Blumenthal, Uri" <uri@ll.mit.edu> writes: > > > > >While this certainly makes a nice tea-table story, I question the "historical > > >truthfulness" of it. > > > > As I said, it was told to me by someone involved at the time, but it was some > > years ago and unfortunately I didn't think to take names and numbers. > > Well, if Peter's recollection is not historically correct, and many such > stories get things wrong (me included---I once thought I knew the story > (from a third-hand source) about an event between RMS and ATT that > occurred before GNU was formed. I thought to check the facts with RMS, > and RMS told me I had it wrong--I heard it verbally, and didn't remember > the precise source, so I don't know if I misremembered it or my source > had it wrong. The point is: We all fail sometimes. If Peter has the > history wrong, please state the correct history with your sources of > fact. Just saying Peter has it wrong is no help. > > > > You're assuming that the people in these organisations work like > > Turing machines > [...] > > because the target within the company didn't understand why they should > > use prescribed algorithms when the snake oil was obviously better > [...] > > try enough people in enough organisations and eventually they'll fall > > for it, no matter how the Turing-machine model says they should react. > > > Yep, that about covers it. I think we all probably have to deal with > snake-oilers at some time or other. And my experience is about the same: > its tedious. It seems to be a colossal waste of time. Fortunately or > unfortunately, the snake-oiler's I'm currently fighting keep sending me > a reminder once or twice a month to do a little more work... ;-) > > But snake-oil has to be discredited on its de-merits, not by altering > specifications to encompass both snake-oil and non-snake-oil. The best > thing you can do is put up a web page discrediting the snake-oilers to > help others do the same. And promote the non-snake-oil on its > comparative merits until people catch on. > > --Dean > > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
- Re: [TLS] Comparative cipher suite strengths Blumenthal, Uri
- [TLS] Comparative cipher suite strengths Carl Young
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths carlyoung
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Simon Josefsson
- Re: [TLS] Comparative cipher suite strengths carlyoung
- Re: [TLS] Comparative cipher suite strengths Steven M. Bellovin
- Re: [TLS] Comparative cipher suite strengths Blumenthal, Uri
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Blumenthal, Uri
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Steven M. Bellovin
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Steven M. Bellovin
- Re: [TLS] Comparative cipher suite strengths Michael.G.Williams
- Re: [TLS] Comparative cipher suite strengths Blumenthal, Uri
- Re: [TLS] Comparative cipher suite strengths Daniel Brown
- Re: [TLS] Comparative cipher suite strengths Nicolas Williams
- Re: [TLS] Comparative cipher suite strengths Peter Gutmann
- Re: [TLS] Comparative cipher suite strengths Blumenthal, Uri
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Daniel Brown
- Re: [TLS] Comparative cipher suite strengths Paul Hoffman
- Re: [TLS] Comparative cipher suite strengths Daniel Brown
- Re: [TLS] Comparative cipher suite strengths Paul Hoffman
- Re: [TLS] Comparative cipher suite strengths Steven M. Bellovin
- Re: [TLS] Comparative cipher suite strengths Nicolas Williams
- Re: [TLS] Comparative cipher suite strengths Dean Anderson
- Re: [TLS] Comparative cipher suite strengths Martin Rex
- Re: [TLS] Comparative cipher suite strengths Dean Anderson
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Michael D'Errico
- Re: [TLS] Comparative cipher suite strengths carlyoung
- Re: [TLS] Comparative cipher suite strengths Florian Weimer
- Re: [TLS] Comparative cipher suite strengths Peter Gutmann
- Re: [TLS] Comparative cipher suite strengths Blumenthal, Uri
- Re: [TLS] Comparative cipher suite strengths Vipul Gupta
- Re: [TLS] Comparative cipher suite strengths Nicolas Williams
- Re: [TLS] Comparative cipher suite strengths Robert Relyea
- Re: [TLS] Comparative cipher suite strengths Peter Gutmann
- Re: [TLS] Comparative cipher suite strengths Bill Frantz
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Peter Gutmann
- Re: [TLS] Comparative cipher suite strengths Blumenthal, Uri
- Re: [TLS] Comparative cipher suite strengths Jeffrey A. Williams
- Re: [TLS] Comparative cipher suite strengths Martin Rex
- Re: [TLS] Comparative cipher suite strengths Eric Rescorla
- Re: [TLS] Comparative cipher suite strengths Peter Gutmann
- Re: [TLS] Comparative cipher suite strengths Dean Anderson
- Re: [TLS] Comparative cipher suite strengths Steven M. Bellovin