Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS)
Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 10 February 2015 13:49 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 614871A0271; Tue, 10 Feb 2015 05:49:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PyijC4mLIrhy; Tue, 10 Feb 2015 05:48:59 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ECC61A026E; Tue, 10 Feb 2015 05:48:56 -0800 (PST)
X-AuditID: c1b4fb2d-f79fc6d000001087-a4-54da0c466001
Received: from ESESSHC013.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id B6.C8.04231.64C0AD45; Tue, 10 Feb 2015 14:48:54 +0100 (CET)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.59) with Microsoft SMTP Server id 14.3.210.2; Tue, 10 Feb 2015 14:48:54 +0100
Message-ID: <54DA0C45.2030609@ericsson.com>
Date: Tue, 10 Feb 2015 14:48:53 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, David McGrew <mcgrew@cisco.com>
References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <B1821703-9D09-41C5-AAC1-5EBB9CE2ACC4@cisco.com> <54516572.8020601@cs.tcd.ie> <D825D4F3-26D3-49BE-9E32-0E4FFF89BC40@cisco.com> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie>
In-Reply-To: <54D93B9A.9090409@cs.tcd.ie>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDLMWRmVeSWpSXmKPExsUyM+Jvja4bz60Qg39d6hYve1ayW6z8dp3V Yu2RRIsZfyYyW0w49ZrV4uqqP+wW0/deY3dg95jyeyOrx9ruq2weS5b8ZPLo3/WS1ePL5c9s AaxRXDYpqTmZZalF+nYJXBmXH09nLJgvX7HgxS/GBsbv4l2MnBwSAiYSU5ofMELYYhIX7q1n 62Lk4hASOMIoMe3LHlYIZzmjxJ/FO1lAqngFtCV+XVwM1sEioCrRvn8fG4jNJmAhcfNHI5gt KhAssfj5U1aIekGJkzOfgPWKCARJLG5sA6thFuhkktjTnw5iCwvEScx6uYkdYtkbZok7N96B FXEKaEpMnQGyjAOoQVNi/S59iF55ieats5lBbCGgexqaOlgnMArOQrJuFkLHLCQdCxiZVzGK FqcWF+emGxnrpRZlJhcX5+fp5aWWbGIEBv/BLb91dzCufu14iFGAg1GJh9eg5GaIEGtiWXFl 7iFGaQ4WJXFeO+NDIUIC6YklqdmpqQWpRfFFpTmpxYcYmTg4pRoYXa+el40KzVWLFlX4ZRfO Vp95Z4uK1busT2uDO/RXa+2bUlChvlcwfdXuiW7Cy9JFLssa5T3Mv5KSktDSpDB128y2adnm X/i/Zs4NU9666sTbbw9ftB3R4j3+P0Uh3i+wc0XFv0cHo/qfuES0c6+asDOuR++Kn2D/z+o5 lt3hqqHzC9myb3spsRRnJBpqMRcVJwIApU7Co18CAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/avt/8QXRRf_eMaHha8Yriq2t5T-ndWo>
Cc: "avtcore-chairs@tools.ietf.org" <avtcore-chairs@tools.ietf.org>, "draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org" <draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org>, The IESG <iesg@ietf.org>, IETF AVTCore WG <avt@ietf.org>
Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Feb 2015 13:49:01 -0000
Hi, I would definitely want the authors to step in now and provide their reasoning for why these options have been included. On 2015-02-09 23:58, Stephen Farrell wrote: > > Hi Magnus, > > On 09/02/15 12:05, Magnus Westerlund wrote: >> Hi Stephen, >> >> (as individual) >> I also wished the WG was more active. > > Yep, hard to evaluate consensus with so few commenting. > > Thanks for the good analysis below, I'll respond here as I think > that's better done in reverse order almost. > > - aes-128 in any flavour is good enough, there's IMO no pressing > need for aes-256 here Despite that we have a definition for AES-256 for SRTP already and personally I find it a bit difficult to throw away work for something we are likely to going to need in the future. > - gcm vs. ccm: those are functionally equivalent as far as this > application is concerned I think - the only reason to have both > is if one has to deal with systems that only support one and not > the other; ccm is all that is available on some very constrained > devices for essentially historical reasons and again I don't see > why that is an issue here (it could be, but I don't recall anyone > saying that it is - apologies if I've forgotten) Well, if I understand the security analysis then apparently CCM is less sensitive to a weak authentication, and could use the 64 bit authentication tag, while GCM needs a stronger one. Thus, from that perspective, if we at all are going to have a shorter authentication tag then 128 bits, then why not use the 64 bit CCM then as that is significant saving, rather than only four bytes for the GCM. > - I tend to agree with you about the 192 label > > If I were correct in the above then all that'd be really needed is > > AEAD_AES_128_GCM = {TBD, TBD } > AEAD_AES_128_GCM_12 = {TBD, TBD } > > I'd argue that 2 options vs. 10 options may lead to overall > better security and interop. as there will be many systems and > libraries with less code and hence fewer bugs. (It's credible > to argue that code size reduction might outweigh adding aes-256 > in a case where you don't worry about ciphertext being secure > for decades.) I understand the desire to avoid proliferation here. I might not see the 256 bit keys in the same way. Make it clear that they are optional and that anyone supporting AES-GCM MUST support 128-bit keys. But based on the above reasoning if we are doing only AES-GCM then I rather see: AEAD_AES_128_GCM = {TBD, TBD } AEAD_AES_256_GCM = {TBD, TBD } If we based on my above argumentation think we should provide a short tag version then I think the set to define would become: AEAD_AES_128_CCM = {TBD, TBD } AEAD_AES_256_CCM = {TBD, TBD } AEAD_AES_128_CCM_64 = {TBD, TBD } AEAD_AES_256_CCM_64 = {TBD, TBD } Using Martin's suggestion for being consistent in bits vs bytes. > > If we continue to have so few folks engaging on this maybe the > best way to handle it would be to talk about it on an IESG > informal telechat if we can get you and David (and Russ) all > on the call? (Or over a beer in Dallas I guess as that's also > getting close and there a bunch of IESG calls coming up that > are devotes to BoFs and the Dallas schedule.) > Yes, unless we get more opinions now, I think the way forward is to go that road so that we can conclude. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Martin Thomson
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Alissa Cooper
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… John Mattsson
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… David McGrew
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Igoe, Kevin M.
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Mo Zanaty (mzanaty)
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Mo Zanaty (mzanaty)
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… John Mattsson