Re: [TLS] Unifying tickets and sessions

David Leon Gil <coruus@gmail.com> Tue, 21 October 2014 18:34 UTC

In-Reply-To: <544606E5.2070807@fussenegger.info>
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C48AF@USMBX1.msg.corp.akamai.com> <5445775E.3050108@fussenegger.info> <54458113.1050304@polarssl.org> <20141020235832.GK19158@mournblade.imrryr.org> <544606E5.2070807@fussenegger.info>
From: David Leon Gil <coruus@gmail.com>
Date: Tue, 21 Oct 2014 14:33:43 -0400
Message-ID: <CAA7UWsVmxAmBtdCvpE_+c2e7brJNkPrQ5_69FDXzy2csg6EsyA@mail.gmail.com>
To: "Richard Fussenegger, BSc" <richard@fussenegger.info>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/x7G3jecZfdEAdvdIFbqC043Kkvw
Cc: tls@ietf.org
Subject: Re: [TLS] Unifying tickets and sessions

On Tue, Oct 21, 2014 at 3:10 AM, Richard Fussenegger, BSc
<richard@fussenegger.info> wrote:
> I'm [. . .] glimpsing over to the fact that the
> cryptography community agrees that 128 bit security will be enough for the
> next 10 to 20 years.[2]

This really isn't true. See djb's "matching AES security" at
https://www.ietf.org/mail-archive/web/cfrg/current/msg04820.html

Summarizing: The work factor of a multi-target attack is much lower for
symmetric-key crypto than for attacks against asymmetric-key crypto.
This is exactly the sort of attack that is useful for mass
surveillance.

We need to start moving away from AES-128 now, not in 10 years.

(Note that a number of cryptographers think that 2^90 operations per
year is feasible today; djb is lowballing the number a bit.)
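The multi-target argument above in numbers, as an added example that is not part of this mail or of djb's post: `effective_bits` gives the security level of the weakest of N keys attacked as a batch, and a toy-scale simulation checks that the expected work to recover the first key falls from 2^k to 2^k/N. The function names and the toy block function are constructed for illustration and are not a real cipher.

```python
"""Multi-target work factor for a symmetric cipher (added example).

An adversary holds N ciphertexts of one known plaintext, each under an
independent k-bit key (think N recorded sessions). Each trial encryption
under a guessed key is checked against all N targets with one table
lookup, so a trial hits with probability N / 2^k and the expected work to
recover the FIRST key drops from 2^k to 2^k / N."""
import math
import random


def effective_bits(key_bits: int, n_targets: int) -> float:
    """Security level of the weakest key when n_targets keys are attacked at once."""
    return key_bits - math.log2(n_targets)


def toy_encrypt(key: int, plaintext: int, bits: int) -> int:
    """Constructed toy block function on `bits`-bit values (needs bits > 5).
    A fixed permutation of (plaintext XOR key): every step is a bijection,
    so for fixed plaintext the map key -> output is one-to-one and the
    hit count below is exact. Not a real cipher."""
    mask = (1 << bits) - 1
    x = plaintext ^ key
    for r in range(4):
        x = (x * 0x9E37 + r) & mask                 # odd multiplier: invertible mod 2^bits
        x = ((x << 5) | (x >> (bits - 5))) & mask   # rotate left by 5
    return x


def trials_until_first_hit(bits: int, n_targets: int, rng: random.Random) -> int:
    """Guess random keys until one of the N target ciphertexts is reproduced."""
    plaintext = 0x5A5 & ((1 << bits) - 1)
    targets = rng.sample(range(1 << bits), n_targets)             # N distinct keys
    table = {toy_encrypt(k, plaintext, bits): k for k in targets}  # one lookup tests all N
    trials = 0
    while True:
        trials += 1
        if toy_encrypt(rng.getrandbits(bits), plaintext, bits) in table:
            return trials


def mean_trials(bits: int, n_targets: int, runs: int, seed: int = 1) -> float:
    """Average trials to the first recovered key; expect about 2**bits / n_targets."""
    rng = random.Random(seed)
    return sum(trials_until_first_hit(bits, n_targets, rng) for _ in range(runs)) / runs


if __name__ == "__main__":
    # 2^32 recorded AES-128 sessions leave roughly 96 bits for the weakest key.
    print("AES-128 vs 2^32 targets:", effective_bits(128, 2**32), "bits")
    print("toy 12-bit keys, N=1 :", mean_trials(12, 1, 60))
    print("toy 12-bit keys, N=64:", mean_trials(12, 64, 60))
```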