Re: [AVTCORE] Criticism on draft-ietf-avtcore-srtp-aes-gcm

Florian Zeitz <florob@babelmonkeys.de> Thu, 24 April 2014 23:21 UTC

Message-ID: <53599C5D.1020206@babelmonkeys.de>
Date: Fri, 25 Apr 2014 01:21:01 +0200
From: Florian Zeitz <florob@babelmonkeys.de>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, avt@ietf.org
References: <53568695.7090509@babelmonkeys.de> <535924F1.8000709@ericsson.com>
In-Reply-To: <535924F1.8000709@ericsson.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/avt/9lFbb4EjOOZnLs54UgxIuiVNFyo
Subject: Re: [AVTCORE] Criticism on draft-ietf-avtcore-srtp-aes-gcm

On 24.04.2014 16:51, Magnus Westerlund wrote:
> Florian,
> 
Hello Magnus,

> I would like to point out one factual error in your criticism:
> 
> The draft does mandate support for the longest 128 bit authentication
> tag if one supports the cipher at all. This is a quote from Section 13.1:
> 
>    Any implementation of AES-GCM SRTP MUST support both AEAD_AES_128_GCM
>    and AEAD_AES_256_GCM (the versions with 16 octet AEAD authentication
>    tags), and it MAY support the four other variants shown in table 1.
> 
> Similarly from 13.2 for AES-CCM
> 
>    Any implementation of AES-CCM SRTP/SRTCP MUST support both
>    AEAD_AES_128_CCM and AEAD_AES_256_CCM (the versions with 16 octet
>    AEAD authentication tags), and MAY support the other four variants.
> 
> But, to be fair this was changed very recently.
> 
I'm admittedly a bit irritated by you calling this my criticism,
particularly after having pointed out that I do not fully agree with it,
but am merely the messenger.
The parenthetical you refer to is my own analysis, however. And in fact
it does appear I accidentally read the -10 version of the draft. I do
apologize for that mistake.

> I would also note that the draft's security considerations section does
> discuss the shorter than authentication tag length of actual
> authentication protection for AES-GCM.
> 
> It is up to the WG to discuss if it thinks there should be any changes
> based on your input. And I have to ask you what you think should be the
> action based on your personal opinion.
> 
I suspect you might be wondering why I'm bringing this up if I don't
fully agree with the criticism. The reason is quite simply that I still
believe in the IETF culture. In particular I believe that, unlike what
many media outlets are claiming recently, the IETF and its WGs are fully
capable of appropriately dealing with criticism, and of not letting
themselves be gagged by any government agency. (I.e., in some way I'm
trying to prove a point here.)

However, dealing with criticism is only possible when it is actually
expressed towards the WG, which apparently neither Erich Möchel nor
Michael Kafka found necessary.

I see two ways to address this:
Either the WG agrees with the criticism, the logical consequence of
which would be removing GCM from the draft.
Or the authors/WG explain why they believe this draft to be reasonably
secure, despite the criticism, and proceed with the current wording.

David McGrew chose the second option, and I'm personally content with
that. Hearing a second opinion from other WG members would be
appreciated though.

Regards

Florian Zeitz