[3087] in cryptography@c2.net mail archive


Re: DES Applicability Statement for Historic Status

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Jul 27 10:37:08 1998

Date: Sun, 26 Jul 1998 23:06:18 +0000
To: cmcurtin@interhack.net
From: "Steven M. Bellovin" <smb@research.att.com>
Cc: "William Allen Simpson" <wsimpson@greendragon.com>,
        Marc Horowitz <marc@cygnus.com>, cryptography@c2.net
In-Reply-To: <13755.35459.294773.344399@strangepork.interhack.net>

At 04:44 PM 7/26/98 -0400, C Matthew Curtin wrote:
>>>>>> "William" == William Allen Simpson <wsimpson@greendragon.com> writes:
>
>William> But other folks would not listen.  Other folks would not even
>William> let us proceed to make Triple DES a Proposed Standard,
>William> forcing it to be published as "Experimental" instead.
>
>This isn't surprising.
>
>An article I coauthored, which was published in a special issue of
>;login:, was rejected as a refereed paper for the USENIX Security
>Symposium.  In it, we said that each crack from here on out would only 
>be done with less expense and/or less time.  Among the complaints
>against our paper was this:
>
>    Page 5 -- Your assertion that targets worth more than $10,000 are
>    now very vulnerable to this attack is false.  A second Internet
>    challenge would draw less support, as would one that appeared to
>    be a real attack on someone's secrets.
>
>A comparison of the rate with which the second crack of a DES-
>encrypted message proves the point that we made.
>
>I was *sure* that our assertion was correct.  I was angry that an
>anonymous referee made a counterclaim with no ancillary references,
>and held that against us.  After all, it was *our* research, and who
>was *he* to make such a bald claim?

Although I was on the program committee for that conference, I don't
remember seeing your paper.  But I doubt very much that it would have been
rejected based on any single comment like that -- we simply didn't operate
that way.  If nothing else, every paper was reviewed by at least three
program committee members, though admittedly not all provided detailed
comments on all papers.

I'd like to respond in detail, but program committee deliberations are
confidential; to say anything (or even nothing) would be inappropriate.
But bear in mind that the criteria are different for a paper at the
Security Symposium than for the IETF.  The former demands both originality
and scholarship; the latter demands engineering compromise -- and, in
some cases, *lack* of originality.  My own personal guess is that
the IPSEC group rejected 3DES based on engineering considerations
and time issues -- certainly, those were the two messages I heard
on the list the last time I raised the issue, circa May 1.  (And yes,
by that time I already knew of the Deep Crack machine, though I was barred
from mentioning it.)
