From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc5469.txt | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 doc/rfc/rfc5469.txt (limited to 'doc/rfc/rfc5469.txt') diff --git a/doc/rfc/rfc5469.txt b/doc/rfc/rfc5469.txt new file mode 100644 index 0000000..517392e --- /dev/null +++ b/doc/rfc/rfc5469.txt @@ -0,0 +1,227 @@ + + + + + + +Network Working Group P. Eronen, Ed. +Request for Comments: 5469 Nokia +Category: Informational February 2009 + + + DES and IDEA Cipher Suites for Transport Layer Security (TLS) + +Status of This Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard of any kind. Distribution of this + memo is unlimited. + +Copyright Notice + + Copyright (c) 2009 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents (http://trustee.ietf.org/ + license-info) in effect on the date of publication of this document. + Please review these documents carefully, as they describe your rights + and restrictions with respect to this document. + +Abstract + + Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC + 4346) include cipher suites based on DES (Data Encryption Standard) + and IDEA (International Data Encryption Algorithm) algorithms. DES + (when used in single-DES mode) and IDEA are no longer recommended for + general use in TLS, and have been removed from TLS version 1.2 (RFC + 5246). This document specifies these cipher suites for completeness + and discusses reasons why their use is no longer recommended. + +1. Introduction + + TLS versions 1.0 [TLS10] and 1.1 [TLS11] include cipher suites based + on DES (Data Encryption Standard) and IDEA (International Data + Encryption Algorithm) algorithms. DES (when used in single-DES mode) + and IDEA are no longer recommended for general use in TLS, and have + been removed from TLS version 1.2 [TLS12]. + + This document specifies these cipher suites for completeness and + discusses reasons why their use is no longer recommended. + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [REQ]. + + + +Eronen Informational [Page 1] + +RFC 5469 DES and IDEA Cipher Suites for TLS February 2009 + + +2. DES Cipher Suites + + DES (Data Encryption Standard) is a block cipher that was originally + approved as a US federal standard in 1976, and is specified in [DES]. + + For TLS key generation purposes, DES is treated as having a 64-bit + key, but it still provides only 56 bits of protection, as 8 of the 64 + bits are not used by the algorithm. DES uses a 64-bit block size. + + The following cipher suites have been defined for using DES in Cipher + Block Chaining (CBC) mode in TLS: + + CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 }; + CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C }; + CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F }; + CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 }; + CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 }; + CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; + + The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA, + and DH_anon) and the MAC (Message Authentication Code) algorithm + (SHA) are defined in the base TLS specification. + +3. IDEA Cipher Suite + + IDEA (International Data Encryption Algorithm) is a block cipher + designed by Xuejia Lai and James Massey [IDEA] [SCH]. IDEA uses a + 128-bit key and operates on 64-bit blocks. + + The following cipher suite has been defined for using IDEA in CBC + mode in TLS: + + CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 }; + + The key exchange algorithm (RSA) and the MAC algorithm (SHA) are + defined in the base TLS specification. + +4. Security Considerations + +4.1. DES Cipher Suites + + DES has an effective key strength of 56 bits, which has been known to + be vulnerable to practical brute force attacks for over 20 years + [DH]. A relatively recent 2006 paper by Kumar, et al. [COPA] + describes a system that performs an exhaustive key search in less + than nine days on average, and costs less than 10,000 USD to build. + + + + + +Eronen Informational [Page 2] + +RFC 5469 DES and IDEA Cipher Suites for TLS February 2009 + + + Given this, the single-DES cipher suites SHOULD NOT be implemented by + TLS libraries. If a TLS library implements these cipher suites, it + SHOULD NOT enable them by default. Experience has also shown that + rarely used code is a source of security and interoperability + problems, so existing implementations SHOULD consider removing these + cipher suites. + +4.2. IDEA Cipher Suite + + IDEA has a 128-bit key, and thus is not vulnerable to an exhaustive + key search. However, the IDEA cipher suite for TLS has not seen + widespread use: most implementations either do not support it, do not + enable it by default, or do not negotiate it when other algorithms + (such as AES, 3DES, or RC4) are available. + + Experience has shown that rarely used code is a source of security + and interoperability problems; given this, the IDEA cipher suite + SHOULD NOT be implemented by TLS libraries and SHOULD be removed from + existing implementations. + +5. IANA Considerations + + IANA has already allocated values for the cipher suites described in + this document in the TLS Cipher Suite Registry, defined in [TLS11]. + IANA has updated the references of these cipher suites to point to + this document: + + Value Description Reference + ----------- -------------------------------------- --------- + 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469] + 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469] + 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469] + 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469] + 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469] + 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469] + 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469] + + This document does not create any new registries to be maintained by + IANA, and does not require any new assignments from existing + registries. + +6. Acknowledgments + + The editor would like to thank Steven Bellovin, Uri Blumenthal, + Michael D'Errico, Paul Hoffman, Simon Josefsson, Bodo Moeller, Tom + Petch, Martin Rex, and Len Sassaman for their contributions to + preparing this document. + + + + +Eronen Informational [Page 3] + +RFC 5469 DES and IDEA Cipher Suites for TLS February 2009 + + +7. References + +7.1. Normative References + + [DES] National Institute of Standards and Technology, "Data + Encryption Standard (DES)", FIPS PUB 46-3, October 1999. + + [IDEA] Lai, X., "On the Design and Security of Block Ciphers", + ETH Series in Information Processing, v. 1, Konstanz: + Hartung-Gorre Verlag, 1992. + + [REQ] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [SCH] Schneier, B., "Applied Cryptography: Protocols, Algorithms, + and Source Code in C", 2nd ed., John Wiley & Sons, Inc., + 1996. + + [TLS10] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", + RFC 2246, January 1999. + + [TLS11] Dierks, T. and E. Rescorla, "The Transport Layer Security + (TLS) Protocol Version 1.1", RFC 4346, April 2006. + + [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer Security + (TLS) Protocol Version 1.2", RFC 5246, August 2008. + +7.2. Informative References + + [COPA] Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., and M. + Schimmler, "Breaking Ciphers with COPACOBANA - A Cost- + Optimized Parallel Code Breaker", Workshop on Cryptographic + Hardware and Embedded Systems (CHES 2006), Yokohama, Japan, + October 2006. + + [DH] Diffie, W. and M. Hellman, "Exhaustive Cryptanalysis of the + NBS Data Encryption Standard", IEEE Computer, Volume 10, + Issue 6, June 1977. + +Author's Address + + Pasi Eronen (editor) + Nokia Research Center + P.O. Box 407 + FIN-00045 Nokia Group + Finland + + EMail: pasi.eronen@nokia.com + + + +Eronen Informational [Page 4] + -- cgit v1.2.3