datatracker.ietf.org
Sign in
Version 5.6.2.p2, 2014-07-24
Report a bug

DES and IDEA Cipher Suites for Transport Layer Security (TLS)
RFC 5469

Document type: RFC - Informational (February 2009; No errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5469 (Informational)
Responsible AD: Tim Polk
Send notices to: tls-chairs@tools.ietf.org, draft-ietf-tls-des-idea@tools.ietf.org

Network Working Group                                     P. Eronen, Ed.
Request for Comments: 5469                                         Nokia
Category: Informational                                    February 2009

     DES and IDEA Cipher Suites for Transport Layer Security (TLS)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (http://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC
   4346) include cipher suites based on DES (Data Encryption Standard)
   and IDEA (International Data Encryption Algorithm) algorithms.  DES
   (when used in single-DES mode) and IDEA are no longer recommended for
   general use in TLS, and have been removed from TLS version 1.2 (RFC
   5246).  This document specifies these cipher suites for completeness
   and discusses reasons why their use is no longer recommended.

1.  Introduction

   TLS versions 1.0 [TLS10] and 1.1 [TLS11] include cipher suites based
   on DES (Data Encryption Standard) and IDEA (International Data
   Encryption Algorithm) algorithms.  DES (when used in single-DES mode)
   and IDEA are no longer recommended for general use in TLS, and have
   been removed from TLS version 1.2 [TLS12].

   This document specifies these cipher suites for completeness and
   discusses reasons why their use is no longer recommended.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [REQ].

Eronen                       Informational                      [Page 1]
RFC 5469           DES and IDEA Cipher Suites for TLS      February 2009

2.  DES Cipher Suites

   DES (Data Encryption Standard) is a block cipher that was originally
   approved as a US federal standard in 1976, and is specified in [DES].

   For TLS key generation purposes, DES is treated as having a 64-bit
   key, but it still provides only 56 bits of protection, as 8 of the 64
   bits are not used by the algorithm.  DES uses a 64-bit block size.

   The following cipher suites have been defined for using DES in Cipher
   Block Chaining (CBC) mode in TLS:

      CipherSuite TLS_RSA_WITH_DES_CBC_SHA            = { 0x00,0x09 };
      CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA         = { 0x00,0x0C };
      CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA         = { 0x00,0x0F };
      CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA        = { 0x00,0x12 };
      CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA        = { 0x00,0x15 };
      CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA        = { 0x00,0x1A };

   The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA,
   and DH_anon) and the MAC (Message Authentication Code) algorithm
   (SHA) are defined in the base TLS specification.

3.  IDEA Cipher Suite

   IDEA (International Data Encryption Algorithm) is a block cipher
   designed by Xuejia Lai and James Massey [IDEA] [SCH].  IDEA uses a
   128-bit key and operates on 64-bit blocks.

   The following cipher suite has been defined for using IDEA in CBC
   mode in TLS:

      CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA           = { 0x00,0x07 };

   The key exchange algorithm (RSA) and the MAC algorithm (SHA) are
   defined in the base TLS specification.

4.  Security Considerations

4.1.  DES Cipher Suites

   DES has an effective key strength of 56 bits, which has been known to
   be vulnerable to practical brute force attacks for over 20 years
   [DH].  A relatively recent 2006 paper by Kumar, et al. [COPA]
   describes a system that performs an exhaustive key search in less
   than nine days on average, and costs less than 10,000 USD to build.

Eronen                       Informational                      [Page 2]
RFC 5469           DES and IDEA Cipher Suites for TLS      February 2009

   Given this, the single-DES cipher suites SHOULD NOT be implemented by
   TLS libraries.  If a TLS library implements these cipher suites, it
   SHOULD NOT enable them by default.  Experience has also shown that

[include full document text]