[Cfrg] Use of draft-mgcrew-aead-aes-cbc-hmac-sha2 with CMS

"Jim Schaad" <ietf@augustcellars.com> Sun, 17 March 2013 17:01 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: David McGrew <mcgrew@cisco.com>
Date: Sun, 17 Mar 2013 13:00:53 -0400
Cc: cfrg@irtf.org
Subject: [Cfrg] Use of draft-mgcrew-aead-aes-cbc-hmac-sha2 with CMS

David,

If I were to assume that I wanted to use your draft rather than RFC 6476
(Using Message Authentication Code (MAC) Encryption in the Cryptographic
Message Syntax (CMS)) in a CMS context with the AEAD structures defined in
RFC 5038, I believe that I would have a problem.  Specifically, the current
CMS structure assumes that the IV and the authentication tag are kept
separate.

I have no objections to the fact that a long key is used and the fact that the
MAC cannot be truncated.  However, the fact that the IV and the tag MUST be
part of the encryption stream is difficult.

I do however 100% agree that the IV MUST be included in the tag computation.

Jim
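An added illustration of the framing mismatch the message describes; this is example code written for this archive page, not code from the draft, from Jim Schaad, or from any CMS implementation. It assumes one parameter set (AES-128-CBC with HMAC-SHA-256 and an untruncated 32-byte tag, since the message notes the tag cannot be truncated), assumes the draft's layout as I recall it (a single key split into MAC key and encryption key, output IV || S || T, tag computed over A || IV || S || AL with AL the bit length of A as a 64-bit big-endian integer; check the draft text before relying on these details), and uses the third-party `cryptography` package for AES. The `to_cms_fields` / `from_cms_fields` helpers and their field names are illustrative stand-ins for where CMS would carry the IV (algorithm parameters), the encrypted content, and the MAC separately.

```python
import hashlib
import hmac
import struct

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Parameter set assumed for this illustration: AES-128-CBC with HMAC-SHA-256
# and an untruncated 32-byte tag (the message notes the tag cannot be truncated).
MAC_KEY_LEN = 32
ENC_KEY_LEN = 16
IV_LEN = 16
TAG_LEN = 32
BLOCK = 16


def _split_key(key):
    """The draft's single long key is taken here as MAC_KEY || ENC_KEY (assumed ordering)."""
    if len(key) != MAC_KEY_LEN + ENC_KEY_LEN:
        raise ValueError("key must be %d bytes" % (MAC_KEY_LEN + ENC_KEY_LEN))
    return key[:MAC_KEY_LEN], key[MAC_KEY_LEN:]


def _tag(mac_key, aad, iv, s):
    """Tag over A || IV || S || AL, AL being the bit length of A as a 64-bit
    big-endian integer. Covering the IV is the property the message agrees with:
    an altered IV fails authentication instead of silently corrupting the
    first plaintext block."""
    al = struct.pack(">Q", len(aad) * 8)
    return hmac.new(mac_key, aad + iv + s + al, hashlib.sha256).digest()


def aead_encrypt(key, iv, plaintext, aad):
    """Return one byte string IV || S || T: the draft-style single stream."""
    mac_key, enc_key = _split_key(key)
    if len(iv) != IV_LEN:
        raise ValueError("IV must be %d bytes" % IV_LEN)
    padder = padding.PKCS7(BLOCK * 8).padder()
    padded = padder.update(plaintext) + padder.finalize()
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv), backend=default_backend()).encryptor()
    s = enc.update(padded) + enc.finalize()
    return iv + s + _tag(mac_key, aad, iv, s)


def aead_decrypt(key, stream, aad):
    """Verify the tag first, then decrypt and unpad. Raises ValueError on any
    authentication failure before any padding byte is examined."""
    mac_key, enc_key = _split_key(key)
    body = len(stream) - IV_LEN - TAG_LEN
    if body < BLOCK or body % BLOCK:
        raise ValueError("malformed ciphertext")
    iv = stream[:IV_LEN]
    s = stream[IV_LEN:-TAG_LEN]
    t = stream[-TAG_LEN:]
    if not hmac.compare_digest(t, _tag(mac_key, aad, iv, s)):
        raise ValueError("authentication failed")
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(iv), backend=default_backend()).decryptor()
    padded = dec.update(s) + dec.finalize()
    unpadder = padding.PKCS7(BLOCK * 8).unpadder()
    return unpadder.update(padded) + unpadder.finalize()


def decrypt_ok(key, stream, aad):
    """(True, plaintext) on success, (False, None) on any failure."""
    try:
        return True, aead_decrypt(key, stream, aad)
    except ValueError:
        return False, None


def to_cms_fields(stream):
    """Split the single stream into the three places CMS keeps them: the IV in
    the content-encryption algorithm parameters, the encrypted content, and the
    tag in its own MAC field. Field names are illustrative, not ASN.1."""
    if len(stream) < IV_LEN + BLOCK + TAG_LEN:
        raise ValueError("malformed ciphertext")
    return {
        "iv": stream[:IV_LEN],
        "encryptedContent": stream[IV_LEN:-TAG_LEN],
        "mac": stream[-TAG_LEN:],
    }


def from_cms_fields(fields):
    """Reassemble the stream so the draft-style decrypt routine is reused unchanged."""
    return fields["iv"] + fields["encryptedContent"] + fields["mac"]
```

The point of the split helpers is that the draft's decrypt routine wants the IV and tag back in the stream, so a CMS implementation that stores them in separate fields has to re-concatenate them (or re-implement the tag computation over A || IV || S || AL itself) rather than handing the encrypted content alone to the AEAD interface. The decrypt routine checks the tag before unpadding, so a wrong IV, wrong associated data, truncated stream, or modified tag all fail in the same way, and no padding error is ever reported on unauthenticated data.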