Re: [TLS] Ordered list of cypher strengths



This is a difficult question to answer.  There are three factors to
consider when determining the relative strengths of cipher suites.
First there is the key exchange mechanism, such as RSA, DHE_DSS, etc.
Second is the bulk encryption algorithm and key length, and third is
the MAC.

The key exchange mechanism is problematic because there is no way to
specify the key length by the client; the server selects it.  Many
servers use 1024-bit RSA keys and 1024-bit Diffie-Hellman parameters
which roughly correspond to "only" 80 bits of security.  This may be
the weak link.  Using AES-256 may provide no more security than RC4
if a 1024-bit RSA key exchange is done.

I know this is not the answer you were hoping for, but the reality
is you can't create the list you want.

Also, with email, messages are only protected in transit.  The server
at each hop will have the full plaintext of your message.  And even
if the first hop uses TLS for that transfer, there is no guarantee
that TLS will be used on every transfer all the way to the recipient.
And then once it's at the recipient, you don't know that they've set
up their mail client to use TLS with POP3 or IMAP.


Mike
----
http://mikestoolbox.com


Olivier MJ Crepin-Leblond wrote:
Hello there,
could someone please point me to references or a page discussing cypher strengths and listing them in increasing order, in an email-specific context?

For example, I'm seeing email transfers which seem to be using:
- AES256-SHA
- RC4-MD5
- DHE-RSA-AES256-SHA
- ADH-AES256-SHA
- EDH-RSA-DES-CBC3-SHA
etc.

I know of the page: http://www.openssl.org/docs/apps/ciphers.html which lists cypher suites, but are these listed in order of increasing strength?

Warm regards,
--
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html


Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
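
Added example (not part of the original messages and not OpenSSL code): the weakest-link reasoning from the reply above, applied to the suite names quoted in the thread. The 1024-bit to 80-bit figure is the one given in the reply; the 2048- and 3072-bit equivalences (NIST SP 800-57), the nominal cipher key lengths, and the names `parse_suite` and `effective_bits` are assumptions of this example.

```python
from typing import NamedTuple, Optional

# Comparable strength of an RSA key or DH parameter size, in bits.
# 1024 -> 80 is from the message; 2048 and 3072 are added from NIST SP 800-57.
ASYMMETRIC_BITS = {1024: 80, 2048: 112, 3072: 128}

# Nominal key length per bulk cipher (assumption: cipher-specific
# weaknesses are ignored, only the key size is compared).
BULK_BITS = {"AES256": 256, "AES128": 128, "RC4": 128, "DES-CBC3": 168}

# Name prefix -> (key exchange, authentication). A name with no prefix
# uses RSA for both. ADH is anonymous DH: no server authentication.
PREFIXES = {
    "DHE-RSA-": ("DHE", "RSA"), "EDH-RSA-": ("DHE", "RSA"),
    "DHE-DSS-": ("DHE", "DSS"), "EDH-DSS-": ("DHE", "DSS"),
    "ADH-": ("DH", None),
}

class Suite(NamedTuple):
    kx: str
    auth: Optional[str]
    bulk: str
    mac: str

def parse_suite(name: str) -> Suite:
    """Split an OpenSSL-style suite name into the three factors."""
    kx, auth, rest = "RSA", "RSA", name
    for prefix, (p_kx, p_auth) in PREFIXES.items():
        if name.startswith(prefix):
            kx, auth, rest = p_kx, p_auth, name[len(prefix):]
            break
    bulk, _, mac = rest.rpartition("-")  # the MAC is the last field
    if bulk not in BULK_BITS:
        raise ValueError(f"unknown bulk cipher in {name!r}")
    return Suite(kx, auth, bulk, mac)

def effective_bits(name: str, server_key_bits: int) -> int:
    """Weakest link of key exchange and bulk cipher; the MAC is not scored.

    server_key_bits is the RSA key or DH parameter size the server chose
    (for DHE-RSA both are assumed to be the same size).
    """
    suite = parse_suite(name)
    return min(ASYMMETRIC_BITS[server_key_bits], BULK_BITS[suite.bulk])

if __name__ == "__main__":
    for n in ("AES256-SHA", "RC4-MD5", "DHE-RSA-AES256-SHA",
              "ADH-AES256-SHA", "EDH-RSA-DES-CBC3-SHA"):
        print(n, parse_suite(n), effective_bits(n, 1024), effective_bits(n, 3072))
```

The same suite name yields a different result for each server key size, which is why the names alone cannot be placed in a single order of strength.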