Re: [TLS] [Cfrg] 3DES diediedie

david wong <davidwong.crypto@gmail.com> Thu, 25 August 2016 13:22 UTC

From: david wong <davidwong.crypto@gmail.com>
In-Reply-To: <6377217.GbyXToEj0o@pintsize.usersys.redhat.com>
Date: Thu, 25 Aug 2016 08:21:59 -0500
Message-Id: <6933C5DD-9C84-44E0-88D4-6E3D3C9A2C78@gmail.com>
References: <CAHOTMV+r5PVxqnSozYyqJqq_YocMKV06aAa-43t+5Huzh7Lo=A@mail.gmail.com> <CAHOTMVKBmDT-okm=ikECrotcEKS5fdn840-gV+5Tnx3eg4JBkQ@mail.gmail.com> <E201DE55-20AF-4581-B502-5112DBA535A5@dukhovni.org> <6377217.GbyXToEj0o@pintsize.usersys.redhat.com>
To: Hubert Kario <hkario@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vhChh8pzdpJpQEFbgZEojn5hlZE>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, tls@ietf.org
Subject: Re: [TLS] [Cfrg] 3DES diediedie

I don't think an RFC deprecating them is a good idea:

* TLS 1.3 is almost here and is already doing that.
* What browsers still use 64-bit ciphers? Who leaves his "old" browser open for 75 hours?
* In other uses of TLS, it's not always obvious whether there are possible BEAST-style attacks. And their implementations might very well not be vulnerable (due to limiting the number of messages according to specs).

David