RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms
Sean Shuo Shen <sshen@huawei.com> Fri, 04 January 2008 03:36 UTC
Return-path: <cfrg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JAdLs-000330-L3; Thu, 03 Jan 2008 22:36:08 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JAdLr-00032v-JQ for cfrg@ietf.org; Thu, 03 Jan 2008 22:36:07 -0500
Received: from szxga02-in.huawei.com ([61.144.161.54]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JAdLq-0003zQ-SM for cfrg@ietf.org; Thu, 03 Jan 2008 22:36:07 -0500
Received: from huawei.com (szxga02-in [172.24.2.6]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JU3008TMOMXNY@szxga02-in.huawei.com> for cfrg@ietf.org; Fri, 04 Jan 2008 11:35:22 +0800 (CST)
Received: from huawei.com ([172.24.1.24]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JU300H96OMXXW@szxga02-in.huawei.com> for cfrg@ietf.org; Fri, 04 Jan 2008 11:35:21 +0800 (CST)
Received: from s102542 ([10.111.12.53]) by szxml04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0JU300MPDOMT56@szxml04-in.huawei.com> for cfrg@ietf.org; Fri, 04 Jan 2008 11:35:21 +0800 (CST)
Date: Fri, 04 Jan 2008 11:35:17 +0800
From: Sean Shuo Shen <sshen@huawei.com>
Subject: RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms
In-reply-to: <20080104030507.7297e280@cs.columbia.edu>
To: "'Steven M. Bellovin'" <smb@cs.columbia.edu>
Message-id: <002a01c84e82$d36efb40$350c6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Thread-index: AchOf0SsfVRFlWWWRnerLPhBihZpGgAAN1Pw
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab
Cc: saag@mit.edu, cfrg@ietf.org
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org
Thank you Steven. >>Sean Shuo Shen <sshen@huawei.com> wrote: >> Hi Stephen, >> Can you talk more details about the FIPS evaluation problem? >The issue is what the assurance boundary is. If the TCP sequence >number is cryptographically significant, the entire process by which >it's set (including original generation and anything else in the stack >or kernel that could touch it) has to be part of the evaluation, too. The isn generation of some windows versions and linux is not random enough and is vulnerable (like RST attack). So the seq num can not be a source for randomness. But if a seq num is used just as an index instead of a random seed, it is not cryptographically significant and I don't think it will affect the cryptographic strength. What do you think, Steven? Regards Sean _______________________________________________ Cfrg mailing list Cfrg@ietf.org https://www1.ietf.org/mailman/listinfo/cfrg
- [Cfrg] Re: [saag] TCP-AO MAC algorithms mcgrew
- RE: [Cfrg] Re: [saag] TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [Cfrg] Re: [saag] TCP-AO MAC algorithms mcgrew
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- RE: [Cfrg] Re: [saag] TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen