Tony Arcieri <basc...@gmail.com> writes:

> This attack was published today[*]:
> 
> https://sweet32.info/
> 
> I bring it up because I think the threat model is similar to the threats
> that led to RC4 "diediedie"
> 
> https://www.rfc-editor.org/info/rfc7465
> 
> Should there be a 3DES "diediedie"?

I think so.

> I believe 3DES is MTI for TLS 1.0/1.1(?) but I think it would make sense
> for it to be banned from TLS 1.3.

At least one purpose of such an RFC would be to replace the MTI ciphersuite
with a different ciphersuite.

> [*] Lest anyone claim the contrary, I am not surprised by this attack, and
> have pushed to have 3DES removed from TLS prior to the publication of this
> attack, and can probably find a TLS implementer who can back me up on that.

The problem has even been described previously on this very mailing list
<https://www.ietf.org/mail-archive/web/tls/current/msg04560.html> (the
original is off here:
<http://lists.links.org/pipermail/mogul-open/2009-November/000069.html>).


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
