Re: [CFRG] [EXT] Re: [Sframe] [Moq] FW: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Mon, 08 May 2023 17:43 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Jonathan Lennox <jonathan.lennox@8x8.com>, Christian Huitema <huitema@huitema.net>
CC: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, IRTF CFRG <cfrg@irtf.org>, "sframe@ietf.org" <sframe@ietf.org>, "moq@ietf.org" <moq@ietf.org>, IETF AVTCore WG <avt@ietf.org>
Date: Mon, 08 May 2023 17:43:44 +0000
Message-ID: <80C1FA7A-38CE-4179-98BB-91DBD365CBCA@ll.mit.edu>
References: <168329718302.50127.18120629996969657@ietfa.amsl.com> <GVXPR07MB96781F20D284D7C999F7BBA789729@GVXPR07MB9678.eurprd07.prod.outlook.com> <343a4bf1-7a57-0084-5280-1556c9da4c36@huitema.net> <46702AF0-9C38-4F8E-AD83-61F8B4F0F4DC@8x8.com>
In-Reply-To: <46702AF0-9C38-4F8E-AD83-61F8B4F0F4DC@8x8.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3766398224_907796122"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/9ZrsJ56Tyx0HyNLNl9VMXyY0pgw>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

I concur - this is an interesting proposal. I support it.

--
V/R,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
    -  C. A. R. Hoare

On 5/8/23, 13:00, "CFRG on behalf of Jonathan Lennox" <cfrg-bounces@irtf.org on behalf of jonathan.lennox@8x8.com> wrote:
    This is interesting for SRTP as well, so I suggest adding the AVTCore mailing list.

    > On May 7, 2023, at 2:06 PM, Christian Huitema <huitema@huitema.net> wrote:
    > 
    > John,
    > 
    > You should probably send this to the QUIC list as well. Media over QUIC is just one application of QUIC. If the "short tags" can save per packet overhead while maintaining security properties, then they are interesting for many QUIC applications.
    > 
    > -- Christian Huitema
    > 
    > On 5/5/2023 7:45 AM, John Mattsson wrote:
    >> Hi,
    >> We just submitted draft-mattsson-cfrg-aes-gcm-sst-00. Advanced Encryption Standard (AES) with Galois Counter Mode with Secure Short Tags (AES-GCM-SST) is very similar to AES-GCM but has short tags with forgery probabilities close to ideal. The changes to AES-GCM were suggested by Nyberg et al. in 2005 as a comment to NIST and are based on proven theoretical constructions.
    >> AES-GCM performance with secure short tags has many applications; one of them is media encryption. Audio packets are small, numerous, and ephemeral, so on the one hand, they are very sensitive in percentage terms to crypto overhead, and on the other hand, forgery of individual packets is not a big concern.
    >> Cheers,
    >> John
    >> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
    >> Date: Friday, 5 May 2023 at 16:33
    >> Subject: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt
    >> A new version of I-D, draft-mattsson-cfrg-aes-gcm-sst-00.txt
    >> has been successfully submitted by John Preuß Mattsson and posted to the
    >> IETF repository.
    >> Name:           draft-mattsson-cfrg-aes-gcm-sst
    >> Revision:       00
    >> Title:          Galois Counter Mode with Secure Short Tags (GCM-SST)
    >> Document date:  2023-05-05
    >> Group:          Individual Submission
    >> Pages:          16
    >> URL:            https://www.ietf.org/archive/id/draft-mattsson-cfrg-aes-gcm-sst-00.txt
    >> Status:         https://datatracker.ietf.org/doc/draft-mattsson-cfrg-aes-gcm-sst/
    >> Html:           https://www.ietf.org/archive/id/draft-mattsson-cfrg-aes-gcm-sst-00.html
    >> Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-cfrg-aes-gcm-sst
    >> Abstract:
    >>    This document defines the Galois Counter Mode with Secure Short Tags
    >>    (GCM-SST) Authenticated Encryption with Associated Data (AEAD)
    >>    algorithm.  GCM-SST can be used with any keystream generator, not
    >>    just a block cipher.  The main differences compared to GCM [GCM] are
    >>    that GCM-SST uses an additional subkey Q, that fresh subkeys H and Q
    >>    are derived for each nonce, and that the POLYVAL function from
    >>    AES-GCM-SIV is used instead of GHASH.  This enables short tags with
    >>    forgery probabilities close to ideal.  This document also registers
    >>    several instances of Advanced Encryption Standard (AES) with Galois
    >>    Counter Mode with Secure Short Tags (AES-GCM-SST).
    >>    This document is the product of the Crypto Forum Research Group.
    >> The IETF Secretariat
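The construction the quoted abstract describes (a universal hash of AAD and ciphertext under H, re-hashed under an independent per-nonce subkey Q, masked and then truncated) can be sketched in a few dozen lines. What follows is an added example written for this archive page; it is not code from the draft or from any of the people quoted above. Its POLYVAL follows RFC 8452 and is checked against that RFC's mulX_POLYVAL vector. Everything else is an assumption made so that the sketch runs on the Python standard library alone: a SHAKE256 stand-in for the AES-CTR keystream (the abstract says any keystream generator may be used), the order in which H, Q and the mask M are taken from the keystream, the length-block encoding, and the 4..16 byte tag range. Treat it as an illustration of the two-subkey idea, not as an interoperable GCM-SST implementation; interoperability test vectors belong to the draft.

```python
import hashlib
import hmac
import struct

# --- POLYVAL over GF(2^128), as in RFC 8452 Section 3 -----------------------
# A 16-byte block is read as a little-endian integer; bit i is the coefficient
# of x^i. The field polynomial is x^128 + x^127 + x^126 + x^121 + 1.
_POLY = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1
# x^-128 mod _POLY = x^127 + x^124 + x^121 + x^114 + 1 (RFC 8452).
_X_INV128 = (1 << 127) | (1 << 124) | (1 << 121) | (1 << 114) | 1


def _gf_mul(a: int, b: int) -> int:
    """Carry-less multiplication of two field elements, reduced modulo _POLY."""
    prod = 0
    while b:
        if b & 1:
            prod ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= _POLY
    return prod


def _dot(a: int, b: int) -> int:
    """RFC 8452 dot(a, b) = a * b * x^-128, the multiplication POLYVAL uses."""
    return _gf_mul(_gf_mul(a, b), _X_INV128)


def polyval(h: bytes, blocks: list) -> bytes:
    """POLYVAL(H, X_1, ..., X_n): S_0 = 0, S_j = dot(S_{j-1} XOR X_j, H)."""
    hi = int.from_bytes(h, "little")
    s = 0
    for x in blocks:
        s = _dot(s ^ int.from_bytes(x, "little"), hi)
    return s.to_bytes(16, "little")


def mulx_polyval(block: bytes) -> bytes:
    """Multiplication by x (RFC 8452 mulX_POLYVAL), useful to check the field."""
    v = int.from_bytes(block, "little") << 1
    if v >> 128:
        v ^= _POLY
    return v.to_bytes(16, "little")


# --- Sketch of the two-subkey short tag (ASSUMED layout, not the draft's) ----
def _blocks(data: bytes) -> list:
    """Split into 16-byte blocks, zero-padding the last one (GCM style)."""
    padded = data + b"\x00" * (-len(data) % 16)
    return [padded[i:i + 16] for i in range(0, len(padded), 16)]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in keystream: SHAKE256 of key||nonce. The draft uses AES-CTR; an
    XOF is used here only so the example needs no third-party library.
    As with GCM, a (key, nonce) pair must never be reused."""
    return hashlib.shake_256(key + nonce).digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(h: bytes, q: bytes, m: bytes, aad: bytes, ct: bytes, tag_len: int) -> bytes:
    # Stage 1: universal hash of AAD, ciphertext and their bit lengths under H.
    length_block = struct.pack("<QQ", 8 * len(aad), 8 * len(ct))  # assumed encoding
    s = polyval(h, _blocks(aad) + _blocks(ct) + [length_block])
    # Stage 2: re-hash the 16-byte digest under the independent subkey Q and
    # mask with M; this extra keyed mixing is what the abstract credits for
    # making truncation safe. Plain GCM would truncate s XOR M directly.
    full_tag = _xor(polyval(q, [s]), m)
    return full_tag[:tag_len]


def seal(key: bytes, nonce: bytes, aad: bytes, pt: bytes, tag_len: int = 4):
    """Encrypt and authenticate; returns (ciphertext, truncated tag)."""
    if not 4 <= tag_len <= 16:
        raise ValueError("tag_len must be between 4 and 16 bytes")
    ks = _keystream(key, nonce, 48 + len(pt))
    h, q, m = ks[:16], ks[16:32], ks[32:48]      # fresh subkeys for this nonce
    ct = _xor(pt, ks[48:])
    return ct, _tag(h, q, m, aad, ct, tag_len)


def unseal(key: bytes, nonce: bytes, aad: bytes, ct: bytes, tag: bytes):
    """Verify the tag in constant time; returns the plaintext or None."""
    if not 4 <= len(tag) <= 16:
        return None
    ks = _keystream(key, nonce, 48 + len(ct))
    h, q, m = ks[:16], ks[16:32], ks[32:48]
    if not hmac.compare_digest(_tag(h, q, m, aad, ct, len(tag)), tag):
        return None
    return _xor(ct, ks[48:])


if __name__ == "__main__":
    # Constructed sample: a small audio-style payload protected by a 4-byte tag.
    key, nonce, aad, pt = bytes(range(16)), b"\x00" * 12, b"rtp-hdr", b"opus frame payload"
    ct, tag = seal(key, nonce, aad, pt)
    print(ct.hex(), tag.hex(), unseal(key, nonce, aad, ct, tag) == pt)
```

Two caveats worth keeping in mind when reading the sketch. Because H, Q and M all come out of the keystream for the nonce, nonce reuse is exactly as catastrophic as in GCM: it leaks keystream and hands the attacker the subkeys. And a 4-byte tag means each forged packet a receiver is willing to check is a 2^-32 lottery ticket; that is the "forgery of individual packets is not a big concern" trade-off John describes for audio, so a receiver that accepts such tags should still count and rate-limit authentication failures rather than treat them as free.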