[AVTCORE] Re: Working group last call on draft-ietf-avtcore-srtp-aes-gcm-03
Woo-Hwan Kim <whkim5@ensec.re.kr> Tue, 04 December 2012 04:31 UTC
Date: Tue, 04 Dec 2012 13:31:53 +0900
From: Woo-Hwan Kim <whkim5@ensec.re.kr>
To: avt@ietf.org, Magnus Westerlund <magnus.westerlund@ericsson.com>, draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org
Cc: Daesung Kwon <ds_kwon@ensec.re.kr>, Je Hong Park <jhpark@ensec.re.kr>

Hi.

Here are some comments on draft-ietf-avtcore-srtp-aes-gcm-03

1. Typos

Sec. 5.3
- Validation Error flag raised => Validity_Flag is to be FALSE

Sec. 6
- the plaintext to form cipher => the plaintext to form ciphertext
- this apllication => this application
- A (first_key_block, keystream) pair => A (first_key_block, key_stream) pair
- These keystream generation processes allows for => These keystream generation processes allow for
- up to (2^24)-16 octets for AES-CCM and => up to (2^28)-16 octets for AES-CCM and

Sec. 7
- AEAD_AEC => AEAD_AES

Sec. 8.1
- the older authentication methods redundant => the older authentication mechanisms redundant
- Some applications use the SRTP/SRTCP Authentication Tag as => Some applications use the SRTP/SRTCP authentication tag field as

Sec. 8.2
- Neither AES-GCM not AES-CCM => Neither AES-GCM nor AES-CCM
- RECOMENDED => RECOMMENDED

Sec. 9.1
- used by both AES-GCM and AES-CCM SRTP is => used by both AES-GCM and AES-CCM in SRTP is
- and the two octet sequence number SEQ. => and the 2-octet sequence number SEQ.

Sec. 9.2 & 10.2
- AEAD cipher, ~containing the cipher, the resulting cipher => AEAD ciphertext, ~containing the ciphertext, the resulting ciphertext

Sec. 9.2, 10.2 & 10.3 (similar meaning, different writing)
- The data fields within the SRTP packets are broken into Associated Data, Plaintext and Raw Data as follows (see figure 2):
- the SRTCP packet is broken into plaintext, associated data, and raw (untouched) data as listed below (see figure 4):
- the SRTCP compound packet is broken into plaintext, associated data, and raw (untouched) data as follows (see figure 5):

Sec. 10.3
- returns a cipher field which ~, This cipher ~, the Encryption flag => a ciphertext which ~, This ciphertext ~, the encryption flag

Sec. 11.1
- GCM: MUST be at most 2^36-16 octets
  CCM: MUST be at most 2^24+16 octets
  =>
  GCM: MUST be at most 2^36-32 octets
  CCM: MUST be at most 2^28-16 octets

Sec. 11.2 & 11.3
- Any implementation of AES-GCM(AES-CCM) SRTP SHOULD ~ => Any implementation of AES-GCM(AES-CCM) in SRTP SHOULD ~

Sec. 11.3
- in counter node encryptionn, AES-CCM authentications also useus => ~ in counter mode encryption, AES-CCM authentications also uses ~

Sec. 12
- AEAD_AES_128(256)_CCM(GCM) algorithms => AEAD_AES_128(256)_CCM(GCM)

Sec. 13.1
- after each block key has => after each encryption key has

2. Editing

Sec. 1 3rd and 4th paragraphs
- In the 3rd paragraph, the 2nd sentence 'Two families of ~ based upon AES.' is repeated in the 4th paragraph. So it may be better to remove this sentence, and to modify the last sentence as follows:
  'This specification uses GCM and CCM with AES, which we call AES-GCM and AES-CCM respectively)'

Sec. 8.1 1st and 2nd sentences
  When an AEAD algorithm is used for SRTP/SRTCP, the AEAD message authentication mechanism MUST be the primary message authentication mechanism.

3. Length vs Size

It may be good to unify the words 'length' and 'size'.

4. CCM authentication tag length

Though the CCM specification adapted by NIST and IETF uses the tag length to format the message, basically there is no difference between CCM and GCM in dealing with authentication tag length. As with GCM, CCMs with different tag lengths (e.g. CCM_8, CCM_12) should be considered separately. AEAD Parameters managed by IANA also show it.

In addition, it is not necessary to consider the capability of handling variable-length authentication tags because this draft restricts the length of the authentication tag to be 8, 12, or 16. And the tag length should be shared by the key management process based on SDES, DTLS or MIKEY.

Though MIKEY explicitly supports an authentication tag length parameter as specified in Section 14.3, SDES and DTLS do not. Instead, the choice of cipher suite (or protection profile) implies the authentication tag length directly. So I think that cipher suites for SDES should correspond to protection profiles for DTLS, and that is the reason why I recommend adding cipher suites of CCM with authentication tag length 8 and 12.

Because the authentication tag length is shared during key and parameter negotiation, I think that the Encrypt/Decrypt mode described in Section 5.2 does not need to use the term 'Tag_Size_Flag' explicitly. The above also holds for the Decrypt Mode in 5.2.2.

Thanks.

Best Regards,
Woo-Hwan Kim

> Date: Tue, 27 Nov 2012 15:20:46 +0100
> From: Magnus Westerlund <magnus.westerlund@ericsson.com>
> To: IETF AVTCore WG <avt@ietf.org>
> Subject: [AVTCORE] Working group last call on
>         draft-ietf-avtcore-srtp-aes-gcm-03
> Message-ID: <50B4CC3E.6070705@ericsson.com>
> Content-Type: text/plain; charset="ISO-8859-1"
>
> WG,
>
> This announces the WG last call on AES-GCM and AES-CCM Authenticated
> Encryption in Secure RTP (SRTP)
> https://datatracker.ietf.org/doc/draft-ietf-avtcore-srtp-aes-gcm/
>
> Please provide any comments no later than the 12th of December. Also
> comments of the nature of "I have read it and have no comments and think
> it should be published" are highly valuable.
>
> Cheers
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
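
Added example, not part of the message above or of the draft: a Node.js sketch of comment 4, showing that the receiver can only locate the tag from the negotiated suite, and that a CCM tag cut from 16 to 8 octets does not verify as a CCM_8 tag while the same cut on GCM does. The key, IV, associated data, payload and the helper names `protect`, `unprotect`, `truncate` and `demo` are constructed for illustration.

```javascript
// Added example, not from the email or the draft. All inputs are constructed.
const crypto = require('node:crypto');

const KEY = Buffer.alloc(16, 0x11);              // constructed 128-bit key
const IV = Buffer.alloc(12, 0x22);               // constructed 12-octet IV
const AAD = Buffer.from('constructed header');   // stands in for the associated data
const PAYLOAD = Buffer.from('constructed media payload');

// Sender: ciphertext || tag, with the tag length fixed by the negotiated suite.
function protect(alg, tagLen) {
  const c = crypto.createCipheriv(alg, KEY, IV, { authTagLength: tagLen });
  c.setAAD(AAD, { plaintextLength: PAYLOAD.length }); // length is mandatory for CCM
  const ct = Buffer.concat([c.update(PAYLOAD), c.final()]);
  return Buffer.concat([ct, c.getAuthTag()]);
}

// Receiver: nothing in the packet says where the tag starts, so tagLen must
// come from the key-management exchange. Returns null on authentication failure.
function unprotect(alg, tagLen, packet) {
  const ct = packet.subarray(0, packet.length - tagLen);
  const tag = packet.subarray(packet.length - tagLen);
  try {
    const d = crypto.createDecipheriv(alg, KEY, IV, { authTagLength: tagLen });
    d.setAuthTag(tag);
    d.setAAD(AAD, { plaintextLength: ct.length });
    return Buffer.concat([d.update(ct), d.final()]);
  } catch (err) {
    return null;
  }
}

// Drop the last n octets of a packet (a 16-octet tag cut down to 16 - n).
const truncate = (packet, n) => packet.subarray(0, packet.length - n);

function demo() {
  const gcm16 = protect('aes-128-gcm', 16);
  const ccm16 = protect('aes-128-ccm', 16);
  return {
    matched: unprotect('aes-128-ccm', 8, protect('aes-128-ccm', 8)) !== null,
    mismatched: unprotect('aes-128-ccm', 16, protect('aes-128-ccm', 8)) !== null,
    gcmTruncated: unprotect('aes-128-gcm', 8, truncate(gcm16, 8)) !== null,
    ccmTruncated: unprotect('aes-128-ccm', 8, truncate(ccm16, 8)) !== null,
  };
}

console.log(demo());
```

The CCM result follows from the tag length being encoded in the first CBC-MAC block, so each CCM tag length behaves as a distinct algorithm.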