Re: [AVTCORE] draft-ietf-avtcore-srtp-aes-gcm-15

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 15 April 2015 09:13 UTC

Message-ID: <552E2B97.4020607@ericsson.com>
Date: Wed, 15 Apr 2015 11:12:55 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: "Igoe, Kevin M." <kmigoe@nsa.gov>, "avt@ietf.org" <avt@ietf.org>
References: <3C4AAD4B5304AB44A6BA85173B4675CABC80F8F9@MSMR-GH1-UEA03.corp.nsa.gov>
In-Reply-To: <3C4AAD4B5304AB44A6BA85173B4675CABC80F8F9@MSMR-GH1-UEA03.corp.nsa.gov>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/avt/RegTfNqd2y7WAc64Wkp-IMGFS08>
Subject: Re: [AVTCORE] draft-ietf-avtcore-srtp-aes-gcm-15

Igoe, Kevin M. skrev den 2015-04-14 16:34:
> A new interim draft draft-ietf-avtcore-srtp-aes-gcm-15 has been posted.  This has (I hope) expunged any
> references to AES-GCM and reduced to only 3 modes of AES-GCM.  The final draft will include test vectors.
> 
> I'm being cautious in the generation of test vectors (with intermediate values displayed) because you REALLY
> don't want any typos or other errors in test vectors.
> 


Hi,

Good that you posted this interim version as it allowed me to spot some
things I think you should change.

1. Renaming the profile ID: AEAD_AES_128_GCM_8 to AEAD_AES_128_GCM_64

It looks strange to combine bits and octets for different fields.

2. Section 10, first paragraph:

s/fasmily/family

3. Section 13.2: Table 5:

Is the "(GCM)" needed now when there is only GCM in the draft?

4. Section 13.2:

Re-reading this section I wonder if it needs to be a bit more explicit
about actions. As I have understood it, a successful forgery will work
towards revealing the key. Thus, isn't it reasonable to actually demand
that a receiver logs how many failed forgery attempts it has seen
and, when that is sufficiently many that the security may start to be
compromised, requests termination of the session? As this is a potential
denial of service, the number of attempts should be set as high as
possible to balance the risk of forgery against DoS of the session.


Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
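The receiver-side behaviour proposed in point 4 above (count authentication failures, log them, and terminate the session once a configured budget is exhausted) can be sketched in code. The following is an added example written for this page; it is not code from the draft, from the sender, or from any SRTP implementation. It uses Go's standard-library AES-GCM. The `Receiver` type, the `Limit` field, the `Seal`/`Receive`/`Demo` helpers and the simple sequence-number-based nonce are all assumptions made for the example; in particular the nonce derivation is a constructed stand-in and not the IV construction defined in the draft.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrSessionTerminated is returned once the forgery-attempt budget is used up.
var ErrSessionTerminated = errors.New("session terminated: forgery-attempt limit reached")

// Receiver is a hypothetical AES-GCM packet receiver that keeps a per-session
// count of authentication (tag) failures and terminates the session when the
// count reaches Limit. The names here are assumptions for this example.
type Receiver struct {
	aead       cipher.AEAD
	Failures   uint64 // authentication failures observed in this session
	Limit      uint64 // failures tolerated before the session is torn down
	Terminated bool
}

// NewReceiver builds a receiver for a 128-, 192- or 256-bit AES key.
func NewReceiver(key []byte, limit uint64) (*Receiver, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Receiver{aead: aead, Limit: limit}, nil
}

// nonce derives a 12-byte GCM nonce from a packet sequence number. This is a
// constructed scheme for the example only, not the draft's IV construction.
func nonce(seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Receive authenticates and decrypts one packet whose header is the AAD.
// A tag failure increments Failures; reaching Limit sets Terminated, after
// which every further packet (valid or not) is rejected.
func (r *Receiver) Receive(seq uint64, header, ciphertext []byte) ([]byte, error) {
	if r.Terminated {
		return nil, ErrSessionTerminated
	}
	pt, err := r.aead.Open(nil, nonce(seq), ciphertext, header)
	if err != nil {
		r.Failures++
		if r.Failures >= r.Limit {
			r.Terminated = true
			return nil, ErrSessionTerminated
		}
		return nil, fmt.Errorf("authentication failed (%d/%d attempts)", r.Failures, r.Limit)
	}
	return pt, nil
}

// Seal is a sender-side helper used only to produce sample packets.
func Seal(key []byte, seq uint64, header, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce(seq), plaintext, header), nil
}

// Demo delivers one valid packet, then a constructed stream of packets with a
// flipped ciphertext bit (so the tag no longer verifies) until the receiver
// terminates. It returns whether the valid packet decrypted and how many
// failures were counted at termination.
func Demo(limit uint64) (validOK bool, failures uint64, err error) {
	key := make([]byte, 16) // constructed all-zero key, for the demo only
	header := []byte("constructed-header")
	rx, err := NewReceiver(key, limit)
	if err != nil {
		return false, 0, err
	}
	ct, err := Seal(key, 1, header, []byte("hello"))
	if err != nil {
		return false, 0, err
	}
	pt, err := rx.Receive(1, header, ct)
	validOK = err == nil && string(pt) == "hello"
	for seq := uint64(2); seq < limit+3; seq++ {
		bad := append([]byte(nil), ct...)
		bad[0] ^= 0x01 // corrupt the ciphertext; GCM rejects it at tag check
		if _, err = rx.Receive(seq, header, bad); errors.Is(err, ErrSessionTerminated) {
			return validOK, rx.Failures, nil
		}
	}
	return validOK, rx.Failures, errors.New("receiver did not terminate")
}

func main() {
	ok, n, err := Demo(3)
	fmt.Println("valid packet accepted:", ok, "failures at termination:", n, "err:", err)
}
```

The counter is per session and survives across packets, which is the point of the proposal: a single failed tag is normal under packet corruption, while a long run of failures is the signal worth acting on. The limit is a policy knob; as the mail notes, it should sit as high as the key's forgery bound allows so that ordinary loss or an attacker's junk packets cannot cheaply tear the session down.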