Re: [Cfrg] draft-housley-ccm-mode-00.txt

David Wagner <daw@cs.berkeley.edu> Fri, 16 August 2002 17:10 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23435 for <cfrg-archive@odin.ietf.org>; Fri, 16 Aug 2002 13:10:46 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA16234 for cfrg-archive@odin.ietf.org; Fri, 16 Aug 2002 13:12:07 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA16031; Fri, 16 Aug 2002 13:08:23 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA16003 for <cfrg@optimus.ietf.org>; Fri, 16 Aug 2002 13:08:21 -0400 (EDT)
Received: from mozart.cs.berkeley.edu (mozart.CS.Berkeley.EDU [128.32.153.211]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23271 for <cfrg@ietf.org>; Fri, 16 Aug 2002 13:07:00 -0400 (EDT)
Received: (from daw@localhost) by mozart.cs.berkeley.edu (8.11.2/8.11.2) id g7GH7HO10814; Fri, 16 Aug 2002 10:07:17 -0700
From: David Wagner <daw@cs.berkeley.edu>
Message-Id: <200208161707.g7GH7HO10814@mozart.cs.berkeley.edu>
Subject: Re: [Cfrg] draft-housley-ccm-mode-00.txt
To: Ge.Weijers@Sun.COM
Date: Fri, 16 Aug 2002 10:07:17 -0700
Cc: daw@mozart.cs.berkeley.edu, cfrg@ietf.org
In-Reply-To: <3D5D2D7A.1000508@sun.com> from "Gé Weijers" at Aug 16, 2002 09:51:06 AM
X-Mailer: ELM [version 2.5 PL6]
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: cfrg-admin@ietf.org
Errors-To: cfrg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
X-BeenThere: cfrg@ietf.org
Content-Transfer-Encoding: 7bit

> An advantage I can see is the use of the same key for both 
> authentication and encryption. [...] Using the same key 
> halves the key storage requirements for an 802.11 base station.

It is easy to achieve the same thing with the standard generic
composition.  You pick a 128-bit key, and derive the encryption and
authentication keys separately using a PRF: Ke = F_K(0), Ka = F_K(1).
This is all very standard, and is done in IPSec and TLS, for instance.
So I don't see this as an advantage or an disadvantage.

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg