Hi, I'm not particularly convinced.
On Mon, 8 Jan 2018 13:10:07 -0800 William Bathurst <wbath...@gmail.com> wrote: > I will summarize in a different way though. We wish to offer an > optimized lightweight TLS for IoT. A majority of devices found in IoT > are resource constrained, for example a device CPU may only have 32K > of RAM. Therefore security is an afterthought by developers. For some > only AES 128 is available and they wish to use 256 bit encryption. > Then Speck 256 would be an option because it has better performance > and provides sufficient security. Why would someone want a 256 bit cipher in a constrained device? This sounds more like crypto numerology to me where people think "larger keys are better just because". I'd take a well researched algorithm like aes128 over a hardly researcherd 256 bit one every time. > Based on the above scenario you can likely see why we are interested > in OpenSSL. First, OpenSSL can be used for terminating lightweight > TLS connections near the edge, and then forwarding using commonly > used ciphers. Ok, so we're talking about Speck in TLS here. I feel this raises the bar even more and doesn't really belong here any time soon. Is there any effort in standardizing this? I haven't seen it on the TLS WG mailing list and I tried to google speck tls draft and haven't found anything. For the record: I feel such a move - adding a new cipher to TLS - requires much more than "we want a lightweight cipher and NSA gave us one". If there is serious demand for more lightweight ciphers in TLS I'd expect some kind of open and transparent competition like it happened with AES or SHA3 - or at least some open discussion in CFRG. However I'm not convinced this demand even exists. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev