Re: [TLS] 3DES diediedie

2016-08-26 Thread Dmitry Belyavsky
Hello all, Regarding the discussion of the Sweet32 attack, it's worth mentioning that there is a specification of so-called key meshing for the Russian GOST cipher (which has 64-bit block as well). Key meshing is a procedure of a predictable change of the current key after processing a certain am

Re: [TLS] [Cfrg] 3DES diediedie

2016-08-26 Thread Stanislav V. Smyshlyaev
Dear colleagues! I'd like to add that the described key meshing procedures (procedures to increase the lifetime of a key) are proven to be secure (and increasing security) in case of usage of CTR mode – see preprint at http://eprint.iacr.org/2016/628.pdf In case of CBC/CFB modes an additional sep

Re: [TLS] 3DES diediedie

2016-08-26 Thread Hanno Böck
On Wed, 24 Aug 2016 19:08:02 -0700 Tony Arcieri wrote: > Should there be a 3DES "diediedie"? I think a 3des diediedie rfc would be a good idea. I was wondering yesterday whether I should disable 3des on my servers. I'd likely exclude a small portion of my visitors for a very small security gain

[TLS] IANA Alert registry does not include ALPN alert

2016-08-26 Thread Hubert Kario
The IANA TLS Alert Registry[1] does not include the no_application_protocol(120) alert from RFC7301[2] (a.k.a. Application-Layer Protocol Negotiation Extension) What's the procedure to fix it? 1 - https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-6 2 - https

Re: [TLS] IANA Alert registry does not include ALPN alert

2016-08-26 Thread Xiaoyin Liu
I guess the reason is that this new alert is not mentioned in the IANA Considerations section in RFC7301. I don’t know how to fix it though. Best, Xiaoyin From: Hubert Kario Sent: Friday, August 26, 2016 10:03 To: tls@ietf.org Subject: [TLS

Re: [TLS] IANA Alert registry does not include ALPN alert

2016-08-26 Thread Eric Rescorla
I believe the chairs are preparing an IANA update RFC. We can cram it in there. -Ekr On Fri, Aug 26, 2016 at 7:27 AM, Xiaoyin Liu wrote: > I guess the reason is that this new alert is not mentioned in the IANA > Considerations section in RFC7301. I don’t know how to fix it though. > > > > Best

Re: [TLS] [Cfrg] 3DES diediedie

2016-08-26 Thread David McGrew (mcgrew)
Hi Tony, Thanks for bringing this up; an RFC deprecating and/or discouraging 3DES would be a good thing. The only good reason to use it is backwards compatibility, and too many applications don’t heed the birthday bound. There is another issue to be considered, though. Most of the lightweigh

Re: [TLS] [Cfrg] 3DES diediedie

2016-08-26 Thread Watson Ladd
On Fri, Aug 26, 2016 at 10:55 AM, David McGrew (mcgrew) wrote: > Hi Tony, > > Thanks for bringing this up; an RFC deprecating and/or discouraging 3DES > would be a good thing. The only good reason to use it is backwards > compatibility, and too many applications don’t heed the birthday bound. > >