Re: [CFRG] [AVTCORE] [Sframe] [Moq] FW: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt

John Mattsson <john.mattsson@ericsson.com> Tue, 16 May 2023 08:01 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Roman Shpount <roman@telurix.com>, Jonathan Lennox <jonathan.lennox@8x8.com>
CC: Christian Huitema <huitema@huitema.net>, IRTF CFRG <cfrg@irtf.org>, "sframe@ietf.org" <sframe@ietf.org>, "moq@ietf.org" <moq@ietf.org>, IETF AVTCore WG <avt@ietf.org>
Date: Tue, 16 May 2023 08:00:49 +0000
Message-ID: <GVXPR07MB96784B8023BF1F9C6D4892C189799@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <168329718302.50127.18120629996969657@ietfa.amsl.com> <GVXPR07MB96781F20D284D7C999F7BBA789729@GVXPR07MB9678.eurprd07.prod.outlook.com> <343a4bf1-7a57-0084-5280-1556c9da4c36@huitema.net> <46702AF0-9C38-4F8E-AD83-61F8B4F0F4DC@8x8.com> <CAD5OKxuNV1Ho8ayePwMBByWY9ce0f3SWdVe2z+eXOo1RdZnQ+g@mail.gmail.com>
In-Reply-To: <CAD5OKxuNV1Ho8ayePwMBByWY9ce0f3SWdVe2z+eXOo1RdZnQ+g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/3ql8iq2jxsK1lmvuv7i8sZGh0uo>
Subject: Re: [CFRG] [AVTCORE] [Sframe] [Moq] FW: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Hi Roman,

Thanks for the strong support. The first step is to get the algorithm discussed and approved by CFRG. If you want this to happen, make sure to show your support there. I plan to ask for presentation time at CFRG IETF 117. Cryptographically, I think the algorithm is very straightforward, proven to be secure, and easy to analyse.

For SFrame, some document (draft-ietf-sframe-enc, draft-mattsson-cfrg-aes-gcm-sst, or a new draft) would just need to register new ciphersuites. It is also easy for DTLS-SRTP Protection Profiles: registration just requires "Specification Required", so registration could be done in draft-mattsson-cfrg-aes-gcm-sst or a new document. MIKEY is not used very much; I would skip MIKEY unless some deployment specifically asks for it. I don't think IETF should do any more work on SDES; it is simply not an acceptable security protocol anymore.

Cheers,
John

From: Roman Shpount <roman@telurix.com>
Date: Monday, 8 May 2023 at 23:05
To: Jonathan Lennox <jonathan.lennox@8x8.com>
Cc: Christian Huitema <huitema@huitema.net>, John Mattsson <john.mattsson@ericsson.com>, IRTF CFRG <cfrg@irtf.org>, sframe@ietf.org <sframe@ietf.org>, moq@ietf.org <moq@ietf.org>, IETF AVTCore WG <avt@ietf.org>
Subject: Re: [AVTCORE] [Sframe] [Moq] FW: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt
This is extremely interesting. I support adopting this.
_____________
Roman Shpount


On Mon, May 8, 2023 at 12:59 PM Jonathan Lennox <jonathan.lennox@8x8.com> wrote:
This is interesting for SRTP as well, so I suggest adding the AVTCore mailing list.

> On May 7, 2023, at 2:06 PM, Christian Huitema <huitema@huitema.net> wrote:
>
> John,
>
> You should probably send this to the QUIC list as well. Media over QUIC is just one application of QUIC. If the "short tags" can save per packet overhead while maintaining security properties, then they are interesting for many QUIC applications.
>
> -- Christian Huitema
>
> On 5/5/2023 7:45 AM, John Mattsson wrote:
>> Hi,
>> We just submitted draft-mattsson-cfrg-aes-gcm-sst-00. Advanced Encryption Standard (AES) with Galois Counter Mode with Secure Short Tags (AES-GCM-SST) is very similar to AES-GCM but has short tags with forgery probabilities close to ideal. The changes to AES-GCM were suggested by Nyberg et al. in 2005 as a comment to NIST and are based on proven theoretical constructions.
>> AES-GCM performance with secure short tags has many applications; one of them is media encryption. Audio packets are small, numerous, and ephemeral, so on the one hand, they are very sensitive in percentage terms to crypto overhead, and on the other hand, forgery of individual packets is not a big concern.
>> Cheers,
>> John
>> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
>> Date: Friday, 5 May 2023 at 16:33
>> To: John Mattsson <john.mattsson@ericsson.com>, Alexander Maximov <alexander.maximov@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Matt Campagna <campagna@amazon.com>, Matthew Campagna <campagna@amazon.com>
>> Subject: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt
>> A new version of I-D, draft-mattsson-cfrg-aes-gcm-sst-00.txt
>> has been successfully submitted by John Preuß Mattsson and posted to the
>> IETF repository.
>> Name:           draft-mattsson-cfrg-aes-gcm-sst
>> Revision:       00
>> Title:          Galois Counter Mode with Secure Short Tags (GCM-SST)
>> Document date:  2023-05-05
>> Group:          Individual Submission
>> Pages:          16
>> URL:            https://www.ietf.org/archive/id/draft-mattsson-cfrg-aes-gcm-sst-00.txt
>> Status:         https://datatracker.ietf.org/doc/draft-mattsson-cfrg-aes-gcm-sst/
>> Html:           https://www.ietf.org/archive/id/draft-mattsson-cfrg-aes-gcm-sst-00.html
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-cfrg-aes-gcm-sst
>> Abstract:
>>    This document defines the Galois Counter Mode with Secure Short Tags
>>    (GCM-SST) Authenticated Encryption with Associated Data (AEAD)
>>    algorithm.  GCM-SST can be used with any keystream generator, not
>>    just a block cipher.  The main differences compared to GCM [GCM] is
>>    that GCM-SST uses an additional subkey Q, that fresh subkeys H and Q
>>    are derived for each nonce, and that the POLYVAL function from AES-
>>    GCM-SIV is used instead of GHASH.  This enables short tags with
>>    forgery probabilities close to ideal.  This document also registers
>>    several instances of Advanced Encryption Standard (AES) with Galois
>>    Counter Mode with Secure Short Tags (AES-GCM-SST).
>>    This document is the product of the Crypto Forum Research Group.
>> The IETF Secretariat