Hi I think Rich Salz already said exactly what CFRG would say:
> If someone wants to see SPECK adopted by IETF protocols, the first thing >that will have to happen is papers analyzing it. There's some analysis already, but not that much. Regards, Kenny On 21/03/2016 14:27, "TLS on behalf of Sean Turner" <tls-boun...@ietf.org on behalf of s...@sn3rd.com> wrote: >If we’re going to get into the cryptanalysis of SPECK then this thread >should move off the TLS list and possibly to the CFRG list. > >spt > >> On Mar 21, 2016, at 10:07, Efthymios Iosifides <iosifid...@gmail.com> >>wrote: >> >> >I don't see any compelling argument for the inclusion of SPECK? Not >>only would the affiliation with NSA give the >TLS-WG a bad rep. in the >>public, more importantly, it makes one of our main problems worse: >>combinatorial explosion >of possible cipher-suites in TLS. This problem >>is so bad that it needs multiple blog posts, an effort by Mozilla and >>>bettercrypto.org to get sys-admins to configure their services. >> >> >> Hi all. >> >> The reputation aspect is not necessarily and strictly correlated with >>it's provenance, but with it's actual security and performance. And the >>SPECK we shall note that performs quite well. Also we shall not forget >>that even the infamous AES has been approved by the NSA before the >>widespread use of it. In any case i wouldn't like for us to stand on the >>popular press. On the other hand we shall evaluate if the SPECK could be >>actually used. For example, the fact that it lacks extensive >>cryptanalysis is a serious argument for not using it today, but what >>about the future specifications. On top to that what if we could prove >>that the SPECK can have better performance than other algos without >>sacrificing the security. >> >> >> BRs, >> Efthimios Iosifides >> >> 2016-03-18 19:49 GMT+02:00 Aaron Zauner <a...@azet.org>: >> Hi, >> >> > On 17 Mar 2016, at 07:35, Efthymios Iosifides <iosifid...@gmail.com> >>wrote: >> > >> > Hello all. >> > >> > I have just found on the ietf archives an email discussion about the >>inclusion of the SPECK Cipher >> > in the tls standards. >> > It's reference is below >>:https://www.ietf.org/mail-archive/web/tls/current/msg13824.html >> > >> > Even though that this cipher originates from the NSA one cannot find >>a whitepaper that describes it's full cryptanalysis. In the above >>discussion Mr. Strömbergson somehow perfunctorily presents two >>whitepapers that describe the SPECK's cryptanalysis. Although we shall >>keep in mind that these papers describe a limited round cryptanalysis. >>Also we shall not forget that a similar cryptanalysis has taken place >>for the famous AES. Therefore i personally do not see any actual >>arguments apart from the facts that concerns the algorithm's provenance >>for not including it in a future tls specification. In conclusion even >>by this day the SPECK cipher has not been yet fully cryptanalyzed >>succesfully. >> >> I don't see any compelling argument for the inclusion of SPECK? Not >>only would the affiliation with NSA give the TLS-WG a bad rep. in the >>public, more importantly, it makes one of our main problems worse: >>combinatorial explosion of possible cipher-suites in TLS. This problem >>is so bad that it needs multiple blog posts, an effort by Mozilla and >>bettercrypto.org to get sys-admins to configure their services. >> >> Aaron >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls > >_______________________________________________ >TLS mailing list >TLS@ietf.org >https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
