Re: [Cfrg] draft-housley-ccm-mode-00.txt

Greg Rose <> Thu, 15 August 2002 17:52 UTC

Date: Fri, 16 Aug 2002 03:52:53 +1000
To: "Housley, Russ" <>
From: Greg Rose <>
Subject: Re: [Cfrg] draft-housley-ccm-mode-00.txt

Doing the authentication and the encryption with the same key is bad 
practice. You should take the input key, and derive from it two subordinate 
keys, which are independent of each other as far as an outside attacker can 
tell, then use one of them for the counter mode encryption, the other for 
the CBC-MAC.


At 10:55 AM 8/15/2002 -0400, Housley, Russ wrote:
>Dear CFRG:
>I would like to draw your attention to this document.  It contains a 
>specification for an authenticated encryption mode.  It was designed for 
>use with AES, but, of course, it will work with any 128-bit block cipher.
>The authors have submitted it to NIST for consideration as a FIPS 
>mode.  You can learn more about CCM and the other proposed modes at the 
>NIST web site ( see ).
>IEEE 802.11 has chosen to make CCM the mandatory to implement AES mode for 
>wireless LAN encryption. IEEE 802.15 has also chosen CCM for use with 
>personal area networks.  In my opinion, this success is due to the lack of 
>a patent (or pending patent from the authors) on CCM.  I suspect that most 
>of the members of this list are aware that other candidate authenticated 
>encryption modes are encumbered.
>It is my intention to publish draft-housley-ccm-mode-00.txt as an 
>Informational RFC.  This looks like the appropriate group to review the 

Greg Rose                                       INTERNET:
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,      
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
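Rose's suggestion above, as an added Go example rather than code from the CCM draft or from either poster: one master key is split into two subordinate keys, one driving AES-CTR and the other a CBC-MAC. The HMAC-SHA256 derivation, the length-prefixed CBC-MAC framing, the encrypt-then-MAC ordering and the 16-byte nonce are this example's own assumptions; the message itself names no particular KDF.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
)

// deriveSubkeys turns one master key into an AES-128 encryption key and an AES-128 MAC
// key. Assumption: the two halves of HMAC-SHA256(master, label) are the subkeys; what
// matters for Rose's argument is that they look independent to an outside attacker.
func deriveSubkeys(master []byte) (enc, mac cipher.Block) {
	h := hmac.New(sha256.New, master)
	h.Write([]byte("ctr-encryption||cbc-mac"))
	k := h.Sum(nil) // 32 bytes: two 16-byte subkeys
	enc, _ = aes.NewCipher(k[:16])
	mac, _ = aes.NewCipher(k[16:])
	return enc, mac
}

// cbcMAC is a raw CBC-MAC (last CBC block, zero IV) over length||nonce||ct; the leading
// length block, like CCM's B_0, stops inputs of different lengths from colliding.
func cbcMAC(mac cipher.Block, nonce, ct []byte) []byte {
	buf := make([]byte, 16, 48+len(ct))
	binary.BigEndian.PutUint64(buf[8:], uint64(len(ct)))
	buf = append(append(buf, nonce...), ct...)
	buf = append(buf, make([]byte, (16-len(buf)%16)%16)...) // zero-pad to a block
	cipher.NewCBCEncrypter(mac, make([]byte, 16)).CryptBlocks(buf, buf)
	return buf[len(buf)-16:]
}

// seal: AES-CTR under the encryption subkey, then tag under the MAC subkey; returns
// ct||tag (plain encrypt-then-MAC, not CCM's bit layout). nonce must be 16 bytes.
func seal(master, nonce, pt []byte) []byte {
	enc, mac := deriveSubkeys(master)
	ct := make([]byte, len(pt))
	cipher.NewCTR(enc, nonce).XORKeyStream(ct, pt)
	return append(ct, cbcMAC(mac, nonce, ct)...)
}

// open checks the tag in constant time before decrypting; false = tampered or wrong key.
func open(master, nonce, sealed []byte) ([]byte, bool) {
	enc, mac := deriveSubkeys(master)
	n := len(sealed) - 16
	if n < 0 || subtle.ConstantTimeCompare(sealed[n:], cbcMAC(mac, nonce, sealed[:n])) != 1 {
		return nil, false
	}
	pt := make([]byte, n)
	cipher.NewCTR(enc, nonce).XORKeyStream(pt, sealed[:n])
	return pt, true
}
```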
