rfcdiff: draft-ietf-tls-des-idea-01.txt vs. draft-ietf-tls-des-idea-02.txt

Text that is identical in both drafts appears once.  Where the drafts
differ, the -01 wording is marked "-01:" and the -02 wording "-02:"
(inline as [-01: old | -02: new] for short changes).  "skipping to
change" lines mark unchanged text that the diff omits.

TLS Working Group                                        P. Eronen, Ed.
Internet-Draft                                                    Nokia
Intended status: Informational   [-01: March 10, 2008 | -02: June 25, 2008]
Expires: [-01: September 11, 2008 | -02: December 27, 2008]

      DES and IDEA Cipher Suites for Transport Layer Security (TLS)
      [-01: draft-ietf-tls-des-idea-01.txt | -02: draft-ietf-tls-des-idea-02.txt]

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that

   [skipping to change at page 1, line 34]

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on [-01: September 11, 2008 |
   -02: December 27, 2008].

Copyright Notice   (-01 only)

   Copyright (C) The IETF Trust (2008).

Abstract

   TLS specification versions 1.0 (RFC 2246) and 1.1 (RFC 4346) included
   cipher suites based on DES (Data Encryption Standard) and IDEA
   (International Data Encryption Algorithm) algorithms.  DES (when used
   in single-DES mode) and IDEA are no longer recommended for general
   use in TLS, and have been removed from TLS 1.2 main specification
   ([-01: RFC NNNN | -02: RFC 5246]).  This document specifies these
   cipher suites for completeness, and discusses reasons why their use
   is no longer recommended.

1.  Introduction

   TLS specification versions 1.0 [TLS10] and 1.1 [TLS11] included
   cipher suites based on DES (Data Encryption Standard) and IDEA
   (International Data Encryption Algorithm) algorithms.  DES (when used
   in single-DES mode) and IDEA are no longer recommended for general
   use in TLS, and have been removed from TLS 1.2 main specification

   [skipping to change at page 2, line 44]

      CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA   = { 0x00,0x0C };
      CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA   = { 0x00,0x0F };
      CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA  = { 0x00,0x12 };
      CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA  = { 0x00,0x15 };
      CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA  = { 0x00,0x1A };

   The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA,
   and DH_anon) and the MAC algorithm (SHA) are defined in the base TLS
   specification.

3.  IDEA Cipher [-01: Suites | -02: Suite]

   IDEA (International Data Encryption Algorithm) is [-01: block cipher |
   -02: a block cipher] designed by Xuejia Lai and James Massey [IDEA]
   [SCH].  IDEA uses a 128-bit key and operates on 64-bit blocks.

   The following cipher suite has been defined for using IDEA in CBC
   mode in TLS:

      CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA     = { 0x00,0x07 };

   The key exchange algorithm (RSA) and the MAC algorithm (SHA) are
   defined in the base TLS specification.
   [skipping to change at page 3, line 23]

4.  Security Considerations

4.1.  DES Cipher Suites

   DES has an effective key strength of 56 bits, which has been known to
   be vulnerable to practical brute force attacks for over 20 years
   [DH].  A relatively recent 2006 paper by Kumar et al. [COPA]
   describes a system which performs exhaustive key search in less than
   nine days on average, and costs less than 10,000 USD to build.

   Given [-01: these | -02: this], the single-DES cipher suites SHOULD
   NOT be implemented by TLS libraries.  If a TLS library implements
   these cipher suites, it SHOULD NOT enable them by default.
   Experience has also shown that rarely used code is a source of
   security and interoperability problems, so existing implementations
   SHOULD consider removing these cipher suites.

4.2.  IDEA Cipher [-01: Suites | -02: Suite]

   -01:
   IDEA has a 128-bit key, and thus is not vulnerable to exhaustive key
   search.  However, IDEA cipher suites for TLS have not seen widespread
   use: most implementations either do not support them, do not enable
   them by default, or do not negotiate them when other algorithms (such
   as AES, 3DES, or RC4) are available.

   Experience has shown that rarely used code is a source of security
   and interoperability problems; given this, the IDEA cipher suites
   SHOULD NOT be implemented by TLS libraries, and SHOULD be removed
   from existing implementations.

   -02:
   IDEA has a 128-bit key, and thus is not vulnerable to exhaustive key
   search.  However, the IDEA cipher suite for TLS has not seen
   widespread use: most implementations either do not support it, do not
   enable it by default, or do not negotiate it when other algorithms
   (such as AES, 3DES, or RC4) are available.

   Experience has shown that rarely used code is a source of security
   and interoperability problems; given this, the IDEA cipher suite
   SHOULD NOT be implemented by TLS libraries, and SHOULD be removed
   from existing implementations.

5.  IANA Considerations

   IANA has already allocated values for the cipher suites described in
   this document in the TLS Cipher Suite Registry, defined in [TLS11].
   IANA is requested to update (has updated) the references of these
   cipher suites to point to this document:

   [skipping to change at page 4, line 22]

      0x00,0x15   TLS_DHE_RSA_WITH_DES_CBC_SHA    [RFCnnnn]
      0x00,0x1A   TLS_DH_anon_WITH_DES_CBC_SHA    [RFCnnnn]

   This document does not create any new registries to be maintained by
   IANA, and does not require any new assignments from existing
   registries.
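   The following Python check is an added example; it is not code from
   the draft, from the rfcdiff tool, or from any TLS implementation.  It
   decodes a ClientHello cipher_suites vector (the 2-byte length plus
   2-byte code points layout of RFC 2246) and flags every offered suite
   that this document covers, so a library maintainer or operator can
   confirm that the "SHOULD NOT enable" guidance of Section 4 holds on a
   real handshake.  The code points are those listed in Sections 2, 3
   and 5 above; TLS_RSA_WITH_DES_CBC_SHA (0x00,0x09) is taken from RFC
   2246 and lies in the part of the draft this diff view omits.  The
   function names and the sample vector are constructed for the example.

```python
"""Flag single-DES and IDEA cipher suites in a TLS cipher_suites vector.

Added example, not part of the draft.  Code points 0x00,0x0C / 0x0F /
0x12 / 0x15 / 0x1A and 0x00,0x07 come from Sections 2, 3 and 5 of the
draft; TLS_RSA_WITH_DES_CBC_SHA = 0x00,0x09 comes from RFC 2246 (the
diff view omits that part of the draft).  Function names and the sample
ClientHello vector are constructed for illustration.
"""
from typing import Dict, List, Tuple

# Single-DES suites (Section 4.1) and the IDEA suite (Section 4.2), keyed
# by the 16-bit code point formed from the two bytes given in the draft.
DES_IDEA_SUITES: Dict[int, str] = {
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",      # RFC 2246; omitted by the diff view
    0x000C: "TLS_DH_DSS_WITH_DES_CBC_SHA",
    0x000F: "TLS_DH_RSA_WITH_DES_CBC_SHA",
    0x0012: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    0x0015: "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    0x001A: "TLS_DH_anon_WITH_DES_CBC_SHA",
    0x0007: "TLS_RSA_WITH_IDEA_CBC_SHA",
}

# Constructed cipher_suites vector as it appears inside a ClientHello:
# 2-byte length (8) followed by four 2-byte suites: AES-128-CBC (0x002F),
# 3DES (0x000A), single-DES (0x0009) and IDEA (0x0007).
SAMPLE_CIPHER_SUITES = bytes.fromhex("0008" "002f" "000a" "0009" "0007")


def parse_cipher_suites(vector: bytes) -> List[int]:
    """Decode a TLS cipher_suites vector (RFC 2246, Section 7.4.1.2):
    a 2-byte big-endian length followed by that many bytes of 2-byte
    code points.  Truncated or odd-length vectors are rejected."""
    if len(vector) < 2:
        raise ValueError("cipher_suites vector shorter than its length prefix")
    length = int.from_bytes(vector[:2], "big")
    body = vector[2:2 + length]
    if len(body) != length or length % 2 != 0:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]


def find_des_idea_suites(vector: bytes) -> List[Tuple[int, str]]:
    """Return (code point, name) for each offered suite covered by this
    document, in the order the peer offered them."""
    return [(cp, DES_IDEA_SUITES[cp])
            for cp in parse_cipher_suites(vector) if cp in DES_IDEA_SUITES]


def report(vector: bytes) -> str:
    """One line per flagged suite, citing the section whose guidance applies."""
    lines = []
    for cp, name in find_des_idea_suites(vector):
        section = "4.2 (IDEA)" if "IDEA" in name else "4.1 (single DES)"
        lines.append(f"{cp >> 8:#04x},{cp & 0xFF:#04x}  {name}  see Section {section}")
    return "\n".join(lines) if lines else "no DES or IDEA suites offered"


if __name__ == "__main__":
    print(report(SAMPLE_CIPHER_SUITES))
```

   Running the module on the constructed vector reports the 0x00,0x09
   and 0x00,0x07 entries and leaves the AES and 3DES suites alone; the
   same check can be run over the cipher_suites field of captured
   ClientHello messages to see whether any peer still offers these
   suites before they are removed from a library's build.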
6.  Acknowledgments

   The editor would like to thank Steven Bellovin, Uri Blumenthal,
   Michael D'Errico, Paul Hoffman, Simon Josefsson, Bodo Moeller,
   [-01: Martin Rex | -02: Tom Petch, Martin Rex], and Len Sassaman for
   their contributions to preparing this document.

7.  References

7.1.  Normative References

   [DES]      National Institute of Standards and Technology, "Data
              Encryption Standard (DES)", FIPS PUB 46-3, October 1999.

   [IDEA]     Lai, X., "On the Design and Security of Block Ciphers",
              ETH Series in Information Processing, v. 1, Konstanz:

   [skipping to change at page 5, line 4]

              and Source Code in C", 2nd ed., John Wiley & Sons, Inc.,
              1996.

   [TLS10]    Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [TLS11]    Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.1", RFC 4346, April 2006.

   [TLS12]    Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2",
              -01: draft-ietf-tls-rfc4346-bis-09 (work in progress),
                   February 2008.
              -02: RFC 5246, July 2008.

7.2.  Informative References

   [COPA]     Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., and M.
              Schimmler, "Breaking Ciphers with COPACOBANA - A Cost-
              Optimized Parallel Code Breaker", Workshop on Cryptographic
              Hardware and Embedded Systems (CHES 2006), Yokohama, Japan,
              October 2006.

   [DH]       Diffie, W. and M. Hellman, "Exhaustive Cryptanalysis of the

   [skipping to change at -01: page 6, line 44 | -02: line 245]

   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment   (-01 only)

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).

End of changes.  13 change blocks.  25 lines changed or deleted, 20
lines changed or added.

This html diff was produced by rfcdiff 1.35.  The latest version is
available from http://tools.ietf.org/tools/rfcdiff/