Re: [TLS] Proposed text for IDEA/DES document

To: Mike <mike-list at pobox.com>
Subject: Re: [TLS] Proposed text for IDEA/DES document
From: "Bodo Moeller" <bmoeller at acm.org>
Date: Mon, 11 Feb 2008 11:21:42 -0800
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <47ADC844.3040407 at pobox.com>
List-archive: <http://www.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <B356D8F434D20B40A8CEDAEC305A1F240536CDD3 at esebe105.NOE.Nokia.com> <Pine.LNX.4.58.0802051421310.19741 at thetis.deor.org> <B356D8F434D20B40A8CEDAEC305A1F240539A72D at esebe105.NOE.Nokia.com> <20080207021022.GA7770 at tau.invalid> <47AA9CEF.5010605 at pobox.com> <20080207060217.4ec02667 at cs.columbia.edu> <B356D8F434D20B40A8CEDAEC305A1F24053C603D at esebe105.NOE.Nokia.com> <47015c2b0802081127o527b2b85rdc90bc1c02fe7dd at mail.gmail.com> <47ADC844.3040407 at pobox.com>
Sender: tls-bounces at ietf.org

On Sat, Feb 9, 2008 at 7:35 AM, Mike <mike-list at pobox.com> wrote:

> > 3DES still is frequently used, for historical
>  > reasons on the one hand, and probably because not everyone likes AES
>  > all that much on the other hand.

>  What don't people like about AES?  Is their dislike of it
>  technically justified, or is it based on personal preference?

This is a question I'd like to answer 20 years from now, then putting
hindsight to use ;-)

I guess you could say that some people have a personal preference to
think that their dislike of AES is technically justified.  Take a look
here, for example: http://www.cryptosystem.net/aes/  A rather
confusing page (not even just about AES even though it pretends so at
first sight), but then the author *is* a cryptanalysis expert, so his
concerns probably shouldn't be ignored lightly.

Others have complained about AES because its internal structure is
rather prone to side-channel attacks.

I'm not sure who really would recommend 3DES over AES for reasons like
these, but 3DES certainly appears to be fine as long as you don't have
to handle too large an amount of data (the small block length isn't an
issue then), and it has been around for longer -- so arguably we can
expect fewer cryptanalytic surprises regarding 3DES than regarding
AES.

Bodo
_______________________________________________
TLS mailing list
TLS at ietf.org
http://www.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Proposed text for IDEA/DES document
  - From: Pasi.Eronen
- Re: [TLS] Proposed text for IDEA/DES document
  - From: Bodo Moeller
- Re: [TLS] Proposed text for IDEA/DES document
  - From: Mike
- Re: [TLS] Proposed text for IDEA/DES document
  - From: Steven M. Bellovin
- Re: [TLS] Proposed text for IDEA/DES document
  - From: Pasi.Eronen
- Re: [TLS] Proposed text for IDEA/DES document
  - From: Bodo Moeller
- Re: [TLS] Proposed text for IDEA/DES document
  - From: Mike

Prev by Date: Re: [TLS] Proposed text for IDEA/DES document
Next by Date: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
Previous by thread: Re: [TLS] Proposed text for IDEA/DES document
Next by thread: [TLS] I-D Action:draft-ietf-tls-rsa-aes-gcm-02.txt
Index(es):
- Date
- Thread

Re: [TLS] Proposed text for IDEA/DES document

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.