pem-dev

Re: TIS/PEM will probably have experimental support for EDE

1993-05-21 12:09:00
Message-Id: <9305211857.AA23012@TIS.COM>
Subject: Re: TIS/PEM will probably have experimental support for EDE
Date: Fri, 21 May 93 14:57:21 -0400
From: Stephen D Crocker <crocker@TIS.COM>

Steve,

        I think you've hit the nail with this one:

Further, the vast majority of people are not in a position to know
whether EDE2 is good enough.  I think it's our responsibility to say
something useful in this arena.  If EDE2 is good enough, then we ought
not be shy about using it.  If EDE2 is not good enough, then we ought
not promote it.

We have no way of knowing whether any given algorithm is "good enough".  I
suspect that if anyone could answer that, he'd also be able to answer
?P=NP? and a number of other interesting questions.

What we know is that EDE2 is better than E1.  We also know that EDE3 is
better than EDE2.  We also know that EDE3 is the same work as EDE2, unless
someone happens to have a chip which implements EDE2 and doesn't allow
EDE3.  Since I don't have such a chip, only today heard that there was
one on the market and doubt that I would buy one, I'm not a major fan of
EDE2 over EDE3.  For me, EDE3 being the same work as EDE2 and being more
secure is enough to make my decision.

However, I don't feel at all comfortable suggesting that I need to know whether
you can handle EDE3 as easily as EDE2.  This means I have to build up
and maintain this extra piece of information, and there's no good
infrastructure for doing so.

I agree that there is no such machinery.  However, I'm not suggesting that
any of us needs to know whether the other person can handle EDE3 as easily as
EDE2.  We don't know today if the recipient has H/W or S/W DES.  The only
way we would find out would be by being told.

What I suspect, for my own use, is that if I were sending small encrypted
messages (a few K long), the 3x for someone who has DES hardware is a drop
in the bucket.  It's when I'm sending something very long (100K+) that
it matters.  In my situation, the time I'd send something that large is
when sending it to our other engineering centers.  It wouldn't be one transfer
but would be one of a large number of similar transfers (part of normal
traffic).  For that pattern of traffic, if my buddy at the far end finds
that his machine is taking too long to decrypt, he could suggest to me
that I use EDE2 mode -- and in that exceptional case, I would do so.

However, I see this as a very exceptional case.  For all normal traffic,
I envision using EDE3.

 - Carl
