On 31 Aug 2016, at 10:17, Derek Atkins wrote:

> "Steven M. Bellovin" <s...@cs.columbia.edu> writes:
>
>> Yes. To a large extent, the "IoT devices are too puny for real
>> crypto" is a hangover from several years ago. It was once true; for
>> the most part, it isn't today, but people haven't flushed their cache
>> from the old received wisdom.
>
> This is certainly true for AES, mostly because many small chips are
> including AES accelerators in hardware. It's not quite true for public
> key solutions; there are still very small devices where even ECC takes
> too long (and yes, there are cases where 200-400ms is still too long).
>

Certainly plausible. What I'm saying is (a) don't assert, measure; and (b) measure again next year because tech keeps improving.

As for your specific points: if AES is indeed feasible, we don't need new ciphers. If elliptic curve is too slow, the only answer is architectures that don't use public key at all; we're not going to find new, cheaper public key algorithms without a *lot* of effort and the people who can do that sort of thing are too busy working on post-quantum crypto. The remaining approach is a cheaper protocol than TLS. That shouldn't be hard at all, especially if we're going back to KDCs.

--Steve Bellovin, https://www.cs.columbia.edu/~smb