[AVTCORE] Short Authentication tags in AES-GCM for SRTP
"Igoe, Kevin M." <kmigoe@nsa.gov> Fri, 19 June 2015 11:39 UTC
To: "avt@ietf.org" <avt@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/avt/VOAJlmbvKpIjOn706vzizocxv34>

After discussions with Magnus, we have decided it would be prudent to remove the option of short tags (8-octet) from AES-GCM. Here is the reasoning:

- Appendix C of NIST 38-D tells us that using 8-octet tags with 2^k-octet-long packets constrains the number of packets that can be sent before the key is changed to 2^T, where T = (109-3k)/2.
- Magnus points out that IPv6 will conceivably allow packets up to 2^32 octets in length.

Putting these two observations together, we find that 2^32-octet-long IPv6 packets would only allow 2^6.5 = 90.5 packets/key. Not at all practical.

I feel that pursuing the use of short tags with AES-GCM in SRTP is a losing proposition and wish to remove them from the ID, only allowing the use of a full 16-byte tag.

Any objections?