This attack was published today[*]: https://sweet32.info/
I bring it up because I think the threat model is similar to the threats that lead to RC4 "diediedie" https://www.rfc-editor.org/info/rfc7465 Should there be a 3DES "diediedie"? I believe 3DES is MTI for TLS 1.0/1.1(?) but I think it would make sense for it to be banned from TLS 1.3. [*] Lest anyone claim the contrary, I am not surprised by this attack, and have pushed to have 3DES removed from TLS prior to the publication of this attack, and can probably find a TLS implementer who can back me up on that. -- Tony Arcieri
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
