summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc5469.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc5469.txt')
-rw-r--r--doc/rfc/rfc5469.txt227
1 files changed, 227 insertions, 0 deletions
diff --git a/doc/rfc/rfc5469.txt b/doc/rfc/rfc5469.txt
new file mode 100644
index 0000000..517392e
--- /dev/null
+++ b/doc/rfc/rfc5469.txt
@@ -0,0 +1,227 @@
+
+
+
+
+
+
+Network Working Group P. Eronen, Ed.
+Request for Comments: 5469 Nokia
+Category: Informational February 2009
+
+
+ DES and IDEA Cipher Suites for Transport Layer Security (TLS)
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (c) 2009 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents (http://trustee.ietf.org/
+ license-info) in effect on the date of publication of this document.
+ Please review these documents carefully, as they describe your rights
+ and restrictions with respect to this document.
+
+Abstract
+
+ Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC
+ 4346) include cipher suites based on DES (Data Encryption Standard)
+ and IDEA (International Data Encryption Algorithm) algorithms. DES
+ (when used in single-DES mode) and IDEA are no longer recommended for
+ general use in TLS, and have been removed from TLS version 1.2 (RFC
+ 5246). This document specifies these cipher suites for completeness
+ and discusses reasons why their use is no longer recommended.
+
+1. Introduction
+
+ TLS versions 1.0 [TLS10] and 1.1 [TLS11] include cipher suites based
+ on DES (Data Encryption Standard) and IDEA (International Data
+ Encryption Algorithm) algorithms. DES (when used in single-DES mode)
+ and IDEA are no longer recommended for general use in TLS, and have
+ been removed from TLS version 1.2 [TLS12].
+
+ This document specifies these cipher suites for completeness and
+ discusses reasons why their use is no longer recommended.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [REQ].
+
+
+
+Eronen Informational [Page 1]
+
+RFC 5469 DES and IDEA Cipher Suites for TLS February 2009
+
+
+2. DES Cipher Suites
+
+ DES (Data Encryption Standard) is a block cipher that was originally
+ approved as a US federal standard in 1976, and is specified in [DES].
+
+ For TLS key generation purposes, DES is treated as having a 64-bit
+ key, but it still provides only 56 bits of protection, as 8 of the 64
+ bits are not used by the algorithm. DES uses a 64-bit block size.
+
+ The following cipher suites have been defined for using DES in Cipher
+ Block Chaining (CBC) mode in TLS:
+
+ CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
+ CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
+ CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
+ CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
+ CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
+ CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
+
+ The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA,
+ and DH_anon) and the MAC (Message Authentication Code) algorithm
+ (SHA) are defined in the base TLS specification.
+
+3. IDEA Cipher Suite
+
+ IDEA (International Data Encryption Algorithm) is a block cipher
+ designed by Xuejia Lai and James Massey [IDEA] [SCH]. IDEA uses a
+ 128-bit key and operates on 64-bit blocks.
+
+ The following cipher suite has been defined for using IDEA in CBC
+ mode in TLS:
+
+ CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
+
+ The key exchange algorithm (RSA) and the MAC algorithm (SHA) are
+ defined in the base TLS specification.
+
+4. Security Considerations
+
+4.1. DES Cipher Suites
+
+ DES has an effective key strength of 56 bits, which has been known to
+ be vulnerable to practical brute force attacks for over 20 years
+ [DH]. A relatively recent 2006 paper by Kumar, et al. [COPA]
+ describes a system that performs an exhaustive key search in less
+ than nine days on average, and costs less than 10,000 USD to build.
+
+
+
+
+
+Eronen Informational [Page 2]
+
+RFC 5469 DES and IDEA Cipher Suites for TLS February 2009
+
+
+ Given this, the single-DES cipher suites SHOULD NOT be implemented by
+ TLS libraries. If a TLS library implements these cipher suites, it
+ SHOULD NOT enable them by default. Experience has also shown that
+ rarely used code is a source of security and interoperability
+ problems, so existing implementations SHOULD consider removing these
+ cipher suites.
+
+4.2. IDEA Cipher Suite
+
+ IDEA has a 128-bit key, and thus is not vulnerable to an exhaustive
+ key search. However, the IDEA cipher suite for TLS has not seen
+ widespread use: most implementations either do not support it, do not
+ enable it by default, or do not negotiate it when other algorithms
+ (such as AES, 3DES, or RC4) are available.
+
+ Experience has shown that rarely used code is a source of security
+ and interoperability problems; given this, the IDEA cipher suite
+ SHOULD NOT be implemented by TLS libraries and SHOULD be removed from
+ existing implementations.
+
+5. IANA Considerations
+
+ IANA has already allocated values for the cipher suites described in
+ this document in the TLS Cipher Suite Registry, defined in [TLS11].
+ IANA has updated the references of these cipher suites to point to
+ this document:
+
+ Value Description Reference
+ ----------- -------------------------------------- ---------
+ 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469]
+ 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469]
+ 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469]
+ 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469]
+ 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469]
+ 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469]
+ 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469]
+
+ This document does not create any new registries to be maintained by
+ IANA, and does not require any new assignments from existing
+ registries.
+
+6. Acknowledgments
+
+ The editor would like to thank Steven Bellovin, Uri Blumenthal,
+ Michael D'Errico, Paul Hoffman, Simon Josefsson, Bodo Moeller, Tom
+ Petch, Martin Rex, and Len Sassaman for their contributions to
+ preparing this document.
+
+
+
+
+Eronen Informational [Page 3]
+
+RFC 5469 DES and IDEA Cipher Suites for TLS February 2009
+
+
+7. References
+
+7.1. Normative References
+
+ [DES] National Institute of Standards and Technology, "Data
+ Encryption Standard (DES)", FIPS PUB 46-3, October 1999.
+
+ [IDEA] Lai, X., "On the Design and Security of Block Ciphers",
+ ETH Series in Information Processing, v. 1, Konstanz:
+ Hartung-Gorre Verlag, 1992.
+
+ [REQ] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [SCH] Schneier, B., "Applied Cryptography: Protocols, Algorithms,
+ and Source Code in C", 2nd ed., John Wiley & Sons, Inc.,
+ 1996.
+
+ [TLS10] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
+ RFC 2246, January 1999.
+
+ [TLS11] Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.1", RFC 4346, April 2006.
+
+ [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.2", RFC 5246, August 2008.
+
+7.2. Informative References
+
+ [COPA] Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., and M.
+ Schimmler, "Breaking Ciphers with COPACOBANA - A Cost-
+ Optimized Parallel Code Breaker", Workshop on Cryptographic
+ Hardware and Embedded Systems (CHES 2006), Yokohama, Japan,
+ October 2006.
+
+ [DH] Diffie, W. and M. Hellman, "Exhaustive Cryptanalysis of the
+ NBS Data Encryption Standard", IEEE Computer, Volume 10,
+ Issue 6, June 1977.
+
+Author's Address
+
+ Pasi Eronen (editor)
+ Nokia Research Center
+ P.O. Box 407
+ FIN-00045 Nokia Group
+ Finland
+
+ EMail: pasi.eronen@nokia.com
+
+
+
+Eronen Informational [Page 4]
+