>I don't see any compelling argument for the inclusion of SPECK? Not only
would the affiliation with NSA give the >TLS-WG a bad rep. in the public,
more importantly, it makes one of our main problems worse: combinatorial
explosion >of possible cipher-suites in TLS. This problem is so bad that it
needs multiple blog posts, an effort by Mozilla and >bettercrypto.org
<http://bettercrypto.org> to get sys-admins to configure their services.
Hi all.
The reputation aspect is not necessarily and strictly correlated with it's
provenance, but with it's actual security and performance. And the SPECK we
shall note that performs quite well. Also we shall not forget that even the
infamous AES has been approved by the NSA before the widespread use of it.
In any case i wouldn't like for us to stand on the popular press. On the
other hand we shall evaluate if the SPECK could be actually used. For
example, the fact that it lacks extensive cryptanalysis is a serious
argument for not using it today, but what about the future specifications.
On top to that what if we could prove that the SPECK can have better
performance than other algos without sacrificing the security.
BRs,
Efthimios Iosifides
2016-03-18 19:49 GMT+02:00 Aaron Zauner <a...@azet.org>:
> Hi,
>
> > On 17 Mar 2016, at 07:35, Efthymios Iosifides <iosifid...@gmail.com>
> wrote:
> >
> > Hello all.
> >
> > I have just found on the ietf archives an email discussion about the
> inclusion of the SPECK Cipher
> > in the tls standards.
> > It's reference is below :
> https://www.ietf.org/mail-archive/web/tls/current/msg13824.html
> >
> > Even though that this cipher originates from the NSA one cannot find a
> whitepaper that describes it's full cryptanalysis. In the above discussion
> Mr. Strömbergson somehow perfunctorily presents two whitepapers that
> describe the SPECK's cryptanalysis. Although we shall keep in mind that
> these papers describe a limited round cryptanalysis. Also we shall not
> forget that a similar cryptanalysis has taken place for the famous AES.
> Therefore i personally do not see any actual arguments apart from the facts
> that concerns the algorithm's provenance for not including it in a future
> tls specification. In conclusion even by this day the SPECK cipher has not
> been yet fully cryptanalyzed succesfully.
>
> I don't see any compelling argument for the inclusion of SPECK? Not only
> would the affiliation with NSA give the TLS-WG a bad rep. in the public,
> more importantly, it makes one of our main problems worse: combinatorial
> explosion of possible cipher-suites in TLS. This problem is so bad that it
> needs multiple blog posts, an effort by Mozilla and bettercrypto.org to
> get sys-admins to configure their services.
>
> Aaron
>
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
