author | Simon Josefsson <simon@josefsson.org> | 2008-02-14 10:31:27 +0100 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-02-14 10:31:27 +0100 |
commit | 24a26d8a362d39f54a9f7041c1dea60d43dc2c51 (patch) | |
tree | ccc659811e37758552b64739fdb22af56f9da52b /doc/protocol | |
parent | d8c86d10455e117aca794a1585eb56504f450158 (diff) | |
download | gnutls-24a26d8a362d39f54a9f7041c1dea60d43dc2c51.tar.gz |
Add.
Diffstat (limited to 'doc/protocol')
-rw-r--r-- | doc/protocol/draft-ietf-tls-des-idea-00.txt | 336 |
1 files changed, 336 insertions, 0 deletions
diff --git a/doc/protocol/draft-ietf-tls-des-idea-00.txt b/doc/protocol/draft-ietf-tls-des-idea-00.txt new file mode 100644 index 0000000000..6237e698f3 --- /dev/null +++ b/doc/protocol/draft-ietf-tls-des-idea-00.txt @@ -0,0 +1,336 @@ +
+
+
+TLS Working Group P. Eronen, Ed.
+Internet-Draft Nokia
+Intended status: Informational February 14, 2008
+Expires: August 17, 2008
+
+
+ DES and IDEA Cipher Suites for Transport Layer Security (TLS)
+ draft-ietf-tls-des-idea-00.txt
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on August 17, 2008.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2008).
+
+Abstract
+
+ TLS specification versions 1.0 (RFC 2246) and 1.1 (RFC 4346) included
+ cipher suites based on DES (Data Encryption Standard) and IDEA
+ (International Data Encryption Algorithm) algorithms. DES (when used
+ in single-DES mode) and IDEA are no longer recommended for general
+ use in TLS, and have been removed from TLS 1.2 main specification
+ (RFC NNNN). This document specifies these cipher suites for
+ completeness, and discusses reasons why their use is no longer
+ recommended.
+
+
+
+Eronen Expires August 17, 2008 [Page 1]
+
+Internet-Draft DES and IDEA Cipher Suites for TLS February 2008
+
+
+1. Introduction
+
+ TLS specification versions 1.0 [TLS10] and 1.1 [TLS11] included
+ cipher suites based on DES (Data Encryption Standard) and IDEA
+ (International Data Encryption Algorithm) algorithms. DES (when used
+ in single-DES mode) and IDEA are no longer recommended for general
+ use in TLS, and have been removed from TLS 1.2 main specification
+ [TLS12].
+
+ This document specifies these cipher suites for completeness, and
+ discusses reasons why their use is no longer recommended.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [REQ].
+
+
+2. DES Cipher Suites
+
+ DES (Data Encryption Standard) is a block cipher which was originally
+ approved as US federal standard in 1976, and is specified in [DES].
+
+ For TLS key generation purposes, DES is treated as having a 64-bit
+ key, but it still provides only 56 bits of protection, as 8 of the 64
+ bits are not used by the algorithm. DES uses a 64-bit block size.
+
+ The following cipher suites have been defined for using DES in CBC
+ mode in TLS:
+
+ CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
+ CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
+ CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
+ CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
+ CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
+ CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
+
+ The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA,
+ and DH_anon) and the MAC algorithm (SHA) are defined in the base TLS
+ specification.
+
+
+3. IDEA Cipher Suites
+
+ IDEA (International Data Encryption Algorithm) is block cipher
+ designed by Xuejia Lai and James Massey [IDEA] [SCH]. IDEA uses a
+ 128-bit key and operates on 64-bit blocks.
+
+
+
+
+
+Eronen Expires August 17, 2008 [Page 2]
+
+Internet-Draft DES and IDEA Cipher Suites for TLS February 2008
+
+
+ The following cipher suite has been defined for using IDEA in CBC
+ mode in TLS:
+
+ CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
+
+ The key exchange algorithm (RSA) and the MAC algorithm (SHA) are
+ defined in the base TLS specification.
+
+
+4. Security Considerations
+
+4.1. DES Cipher Suites
+
+ DES has an effective key strength of 56 bits, which has been been
+ known to be vulnerable to practical brute force attacks for over 20
+ years [DH]. A relatively recent 2006 paper by Kumar et al. [COPA]
+ describes a system which performs exhaustive key search in less than
+ nine days on average, and costs less than 10,000 USD to build.
+
+ Given these, the single-DES cipher suites SHOULD NOT be implemented
+ by TLS libraries. If a TLS library implements these cipher suites,
+ it SHOULD NOT enable them by default. Experience has also shown that
+ rarely used code is a source of security and interoperability
+ problems, so existing implementations SHOULD consider removing these
+ cipher suites.
+
+4.2. IDEA Cipher Suites
+
+ IDEA has a 128-bit key, and thus is not vulnerable to exhaustive key
+ search. However, IDEA cipher suites for TLS have not seen widespread
+ use: most implementations either do not support them, do not enable
+ them by default, or do not negotiate them when other algorithms (such
+ as AES, 3DES, or RC4) are available.
+
+ Experience has shown that rarely used code is a source of security
+ and interoperability problems; given this, the IDEA cipher suites
+ SHOULD NOT be implemented by TLS libraries, and SHOULD be removed
+ from existing implementations.
+
+ Several reasons have been suggested to explain why the IDEA cipher
+ suites have been rarely used. These include the existence of IPR
+ disclosures (which can be obtained from the IETF on-line IPR
+ repository at http://www.ietf.org/ipr); poor performance in software
+ on common CPU architectures; a 64-bit block size which is considered
+ short by modern standards; the existence of weak keys; lack of
+ government approval in many countries; and the availability of other
+ algorithms which addressed at least some of these reasons.
+
+
+
+
+Eronen Expires August 17, 2008 [Page 3]
+
+Internet-Draft DES and IDEA Cipher Suites for TLS February 2008
+
+
+5. IANA Considerations
+
+ IANA has already allocated values for the cipher suites described in
+ this document in the TLS Cipher Suite Registry, defined in [TLS11].
+ IANA is requested to update (has updated) the references of these
+ cipher suites to point to this document:
+
+ Value Description Reference
+ ----------- -------------------------------------- ---------
+ 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFCnnnn]
+ 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFCnnnn]
+ 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFCnnnn]
+ 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFCnnnn]
+ 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFCnnnn]
+ 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFCnnnn]
+ 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFCnnnn]
+
+ This document does not create any new registries to be maintained by
+ IANA, and does not require any new assignments from existing
+ registries.
+
+
+6. Acknowledgments
+
+ The editor would like to thank Steven Bellovin, Uri Blumenthal,
+ Michael D'Errico, Paul Hoffman, Simon Josefsson, Bodo Moeller, Martin
+ Rex, and Len Sassaman for their contributions to preparing this
+ document.
+
+
+7. References
+
+7.1. Normative References
+
+ [DES] National Institute of Standards and Technology, "Data
+ Encryption Standard (DES)", FIPS PUB 46-3, October 1999.
+
+ [IDEA] Lai, X., "On the Design and Security of Block Ciphers",
+ ETH Series in Information Processing, v. 1, Konstanz:
+ Hartung-Gorre Verlag, 1992.
+
+ [REQ] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [SCH] Schneier, B., "Applied Cryptography: Protocols, Algorithms,
+ and Source Code in C", 2nd ed., John Wiley & Sons, Inc.,
+ 1996.
+
+
+
+
+Eronen Expires August 17, 2008 [Page 4]
+
+Internet-Draft DES and IDEA Cipher Suites for TLS February 2008
+
+
+ [TLS10] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
+ RFC 2246, January 1999.
+
+ [TLS11] Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.1", RFC 4346, April 2006.
+
+ [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.2", draft-ietf-tls-rfc4346-bis-09
+ (work in progress), February 2008.
+
+7.2. Informative References
+
+ [COPA] Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., and M.
+ Schimmler, "Breaking Ciphers with COPACOBANA - A Cost-
+ Optimized Parallel Code Breaker", Workshop on Cryptographic
+ Hardware and Embedded Systems (CHES 2006), Yokohama, Japan,
+ October 2006.
+
+ [DH] Diffie, W. and M. Hellman, "Exhaustive Cryptanalysis of the
+ NBS Data Encryption Standard", IEEE Computer, volume 10,
+ issue 6, June 1977.
+
+
+Author's Address
+
+ Pasi Eronen (editor)
+ Nokia Research Center
+ P.O. Box 407
+ FIN-00045 Nokia Group
+ Finland
+
+ Email: pasi.eronen@nokia.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Eronen Expires August 17, 2008 [Page 5]
+
+Internet-Draft DES and IDEA Cipher Suites for TLS February 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+Eronen Expires August 17, 2008 [Page 6]
+
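Review bot: the commit message "Add." does not say what is added or why; suggest something like "doc/protocol: add draft-ietf-tls-des-idea-00.txt (DES and IDEA cipher suites for TLS)" so the history is searchable. The file is a -00 snapshot that expires on August 17, 2008 and still carries unresolved placeholders ("RFC NNNN" in the abstract, "[RFCnnnn]" for every row of the IANA table in Section 5), so plan to replace it with the published version rather than leaving this draft as the long-term reference. Section 4 of the draft also says the six single-DES suites listed in Section 2 SHOULD NOT be implemented, or at least SHOULD NOT be enabled by default, and that TLS_RSA_WITH_IDEA_CBC_SHA (0x00,0x07) SHOULD be removed from existing implementations; since this hunk only adds the document and touches none of the library's own cipher suite tables, it would help to note in the commit message or a follow-up whether the library's defaults already match that guidance.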