Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS)
Alissa Cooper <alissa@cooperw.in> Tue, 10 February 2015 20:21 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 681AB1A6FF7 for <avt@ietfa.amsl.com>; Tue, 10 Feb 2015 12:21:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1CbJgwkfvte1 for <avt@ietfa.amsl.com>; Tue, 10 Feb 2015 12:21:25 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D28E81A7018 for <avt@ietf.org>; Tue, 10 Feb 2015 12:21:03 -0800 (PST)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 2C2FC20F7F for <avt@ietf.org>; Tue, 10 Feb 2015 15:21:03 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute2.internal (MEProxy); Tue, 10 Feb 2015 15:21:03 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h= x-sasl-enc:content-type:mime-version:subject:from:in-reply-to :date:cc:content-transfer-encoding:message-id:references:to; s= mesmtp; bh=toUIrXAgsLaPlvBTWkAig26Zz2U=; b=cAFxF1odrVGFNZwIWWvU6 QHr5mmG1DvtAXS274yKOYtJ84soYTMAFJbq89A/6fbvRz++1piUs2DSxpOa1wgNn JhDiqpLEhObnol+hPLl7++BA5SmFOUr/3Y9uYzKuOWDROk4rrP766QXNCQ5FKvz4 zQdViVIcDEKAXOC169AlMQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=x-sasl-enc:content-type:mime-version :subject:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to; s=smtpout; bh=toUIrXAgsLaPlvBTWkAig26 Zz2U=; b=oAOc/apEs1f4yhaeE3StFxhlew8EwvSGACeFyXNA9hQH8Mz2HUq7ohI gPCQZMuraJf8kgh8zIFGxIJZxYMPnwU6VRSMh6fFYprmE5HplaO/bPM//naUPrXw uXLSwYXj0nfHTgFOuf3TmjoHuJuFps/gjnCvpa1fNv5C8ASVQ9ho=
X-Sasl-enc: i4bD0Kb18B2VsNeZJVeUyw4QznXlYqmekbzGyjRwiXOf 1423599662
Received: from sjc-alcoop-8817.cisco.com (unknown [128.107.239.234]) by mail.messagingengine.com (Postfix) with ESMTPA id DD1F2C00297; Tue, 10 Feb 2015 15:21:00 -0500 (EST)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <54DA0C45.2030609@ericsson.com>
Date: Tue, 10 Feb 2015 12:21:01 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <214AB7CA-19B4-4CB6-B60A-A31478FB00DD@cooperw.in>
References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <B1821703-9D09-41C5-AAC1-5EBB9CE2ACC4@cisco.com> <54516572.8020601@cs.tcd.ie> <D825D4F3-26D3-49BE-9E32-0E4FFF89BC40@cisco.com> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie> <54DA0C45.2030609@ericsson.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/avt/fRv2fwhir-safEa4NvPfn2Whsug>
Cc: "draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org" <draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org>, David McGrew <mcgrew@cisco.com>, IETF AVTCore WG <avt@ietf.org>, "avtcore-chairs@tools.ietf.org" <avtcore-chairs@tools.ietf.org>, IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Feb 2015 20:21:28 -0000
For scheduling purposes I put this on the agenda for the next informal (Feb 26 at 16:30 UTC) and have reached out to the authors separately to see if they are available. If it gets resolved before then we can remove it from the agenda. Alissa On Feb 10, 2015, at 5:48 AM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote: > Hi, > > I would definitely want the authors to step in now and provide their > reasoning for why these options have been included. > > > > On 2015-02-09 23:58, Stephen Farrell wrote: >> >> Hi Magnus, >> >> On 09/02/15 12:05, Magnus Westerlund wrote: >>> Hi Stephen, >>> >>> (as individual) >>> I also wished the WG was more active. >> >> Yep, hard to evaluate consensus with so few commenting. >> >> Thanks for the good analysis below, I'll respond here as I think >> that's better done in reverse order almost. >> >> - aes-128 in any flavour is good enough, there's IMO no pressing >> need for aes-256 here > > Despite that we have a definition for AES-256 for SRTP already and > personally I find it a bit difficult to throw away work for something we > are likely to going to need in the future. > >> - gcm vs. ccm: those are functionally equivalent as far as this >> application is concerned I think - the only reason to have both >> is if one has to deal with systems that only support one and not >> the other; ccm is all that is available on some very constrained >> devices for essentially historical reasons and again I don't see >> why that is an issue here (it could be, but I don't recall anyone >> saying that it is - apologies if I've forgotten) > > Well, if I understand the security analysis then apparently CCM is less > sensitive to a weak authentication, and could use the 64 bit > authentication tag, while GCM needs a stronger one. Thus, from that > perspective, if we at all are going to have a shorter authentication tag > then 128 bits, then why not use the 64 bit CCM then as that is > significant saving, rather than only four bytes for the GCM. > >> - I tend to agree with you about the 192 label >> >> If I were correct in the above then all that'd be really needed is >> >> AEAD_AES_128_GCM = {TBD, TBD } >> AEAD_AES_128_GCM_12 = {TBD, TBD } >> >> I'd argue that 2 options vs. 10 options may lead to overall >> better security and interop. as there will be many systems and >> libraries with less code and hence fewer bugs. (It's credible >> to argue that code size reduction might outweigh adding aes-256 >> in a case where you don't worry about ciphertext being secure >> for decades.) > > I understand the desire to avoid proliferation here. I might not see the > 256 bit keys in the same way. Make it clear that they are optional and > that anyone supporting AES-GCM MUST support 128-bit keys. But based on > the above reasoning if we are doing only AES-GCM then I rather see: > > AEAD_AES_128_GCM = {TBD, TBD } > AEAD_AES_256_GCM = {TBD, TBD } > > If we based on my above argumentation think we should provide a short > tag version then I think the set to define would become: > > AEAD_AES_128_CCM = {TBD, TBD } > AEAD_AES_256_CCM = {TBD, TBD } > AEAD_AES_128_CCM_64 = {TBD, TBD } > AEAD_AES_256_CCM_64 = {TBD, TBD } > > Using Martin's suggestion for being consistent in bits vs bytes. > >> >> If we continue to have so few folks engaging on this maybe the >> best way to handle it would be to talk about it on an IESG >> informal telechat if we can get you and David (and Russ) all >> on the call? (Or over a beer in Dallas I guess as that's also >> getting close and there a bunch of IESG calls coming up that >> are devotes to BoFs and the Dallas schedule.) >> > > Yes, unless we get more opinions now, I think the way forward is to go > that road so that we can conclude. > > > Cheers > > Magnus Westerlund > > ---------------------------------------------------------------------- > Services, Media and Network features, Ericsson Research EAB/TXM > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 10 7148287 > Färögatan 6 | Mobile +46 73 0949079 > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > ---------------------------------------------------------------------- >
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Martin Thomson
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Alissa Cooper
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… John Mattsson
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… David McGrew
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Magnus Westerlund
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Igoe, Kevin M.
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Mo Zanaty (mzanaty)
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… Mo Zanaty (mzanaty)
- Re: [AVTCORE] Stephen Farrell's Discuss on draft-… John Mattsson