Re: [Cfrg] draft-housley-ccm-mode-00.txt

"Housley, Russ" <> Thu, 15 August 2002 20:16 UTC

From: "Housley, Russ" <>
To: Greg Rose <>
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 15 Aug 2002 15:59:34 -0400
Subject: Re: [Cfrg] draft-housley-ccm-mode-00.txt
List-Id: Crypto Forum Research Group <>


I understand the conventional wisdom that you are offering.  However, 
authenticated encryption (using a single key) has been an area of recent 
research.  IAPM, OCB, and CCM are approaches.

Jakob Jonsson from RSA Labs has done a security proof of CCM.  While the 
proceedings are not out yet, his paper was accepted at SAC.  The peer 
reviewer did not find any problems, and I look forward to the broader 
review once the paper is readily available.


At 03:52 AM 8/16/2002 +1000, Greg Rose wrote:
>Doing the authentication and the encryption with the same key is bad 
>practice. You should take the input key, and derive from it two 
>subordinate keys, which are independent of each other as far as an outside 
>attacker can tell, then use one of them for the counter mode encryption, 
>the other for the CBC-MAC.
>At 10:55 AM 8/15/2002 -0400, Housley, Russ wrote:
>>Dear CFRG:
>>I would like to draw your attention to this document.  It contains a 
>>specification for an authenticated encryption mode.  It was designed for 
>>use with AES, but, of course, it will work with any 128-bit block cipher.
>>The authors have submitted it to NIST for consideration as a FIPS 
>>mode.  You can learn more about CCM and the other proposed modes at the 
>>NIST web site ( see ).
>>IEEE 802.11 has chosen to make CCM the mandatory to implement AES mode 
>>for wireless LAN encryption. IEEE 802.15 has also chosen CCM for use with 
>>personal area networks.  In my opinion, this success is due to the lack 
>>of a patent (or pending patent from the authors) on CCM.  I suspect that 
>>most of the members of this list are aware that other candidate 
>>authenticated encryption modes are encumbered.
>>It is my intention to publish draft-housley-ccm-mode-00.txt as an 
>>Informational RFC.  This looks like the appropriate group to review the 
>Greg Rose                                       INTERNET:
>Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
>Level 3, 230 Victoria Road,      
>Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

Cfrg mailing list
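The key-separation approach Greg describes (one input key, two independent subkeys, CTR under one and CBC-MAC under the other), as an added example written for this archive page; it is not code from the thread, from the CCM draft, or from either author. It assumes a 16-byte nonce, a label-based subkey derivation, a length-prefixed CBC-MAC, and encrypt-then-MAC order, none of which are specified on the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)
// subkeys derives an encryption cipher and a MAC cipher from one AES master key by encrypting two distinct labels (assumed derivation, not CCM's own single-key design).
func subkeys(master cipher.Block) (enc, mac cipher.Block) {
	k := make([]byte, 32)
	master.Encrypt(k[:16], []byte("enc-subkey-label"))
	master.Encrypt(k[16:], []byte("mac-subkey-label"))
	enc, _ = aes.NewCipher(k[:16]) // 16-byte keys cannot fail here
	mac, _ = aes.NewCipher(k[16:])
	return enc, mac
}
// cbcMAC: AES-CBC-MAC over a length block, then nonce||data zero-padded; the length prefix is what keeps raw CBC-MAC safe for variable-length input.
func cbcMAC(mac cipher.Block, nonce, data []byte) []byte {
	buf := make([]byte, 16, 48+len(data))
	binary.BigEndian.PutUint64(buf[8:], uint64(len(data)))
	buf = append(append(buf, nonce...), data...)
	buf = append(buf, make([]byte, (16-len(buf)%16)%16)...)
	tag := make([]byte, 16)
	for i := 0; i < len(buf); i += 16 {
		for j := range tag {
			tag[j] ^= buf[i+j]
		}
		mac.Encrypt(tag, tag)
	}
	return tag
}
// Seal: AES-CTR under the encryption subkey, then a tag over nonce||ciphertext under the MAC subkey (encrypt-then-MAC, unlike CCM's own formatting). nonce must be 16 bytes.
func Seal(master cipher.Block, nonce, pt []byte) []byte {
	enc, mac := subkeys(master)
	ct := make([]byte, len(pt), len(pt)+16)
	cipher.NewCTR(enc, nonce).XORKeyStream(ct, pt)
	return append(ct, cbcMAC(mac, nonce, ct)...)
}
// Open checks the tag in constant time and releases no plaintext if the check fails.
func Open(master cipher.Block, nonce, sealed []byte) ([]byte, error) {
	enc, mac := subkeys(master)
	n := len(sealed) - 16 // ciphertext length; the final 16 bytes are the tag
	if n < 0 || subtle.ConstantTimeCompare(cbcMAC(mac, nonce, sealed[:n]), sealed[n:]) != 1 {
		return nil, errors.New("authentication failed")
	}
	pt := make([]byte, n)
	cipher.NewCTR(enc, nonce).XORKeyStream(pt, sealed[:n])
	return pt, nil
}
```

Because the tag covers the nonce, a message replayed under a different nonce fails verification just like a modified ciphertext does.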