Re: [Cfrg] AES-SIV versus AES-GCM for Encrypted Key Data
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 17 May 2016 14:04 UTC
To: Russ Housley <housley@vigilsec.com>, Paul Lambert <paul@marvell.com>
References: <D35F6F11.93C3E%paul@marvell.com> <297966AA-C7E0-4C3B-BA56-8D61D7824D66@vigilsec.com> <D35F843A.93C91%paul@marvell.com> <89A44D23-D8A2-4A2F-A94E-6A362FC195C7@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: IRTF CFRG <cfrg@irtf.org>
On 17/05/16 14:50, Russ Housley wrote:
> I do not speak for NSA. However, NSA only uses algorithms and modes
> that are FIPS-approved. AES-SIV does not meet that requirement. If
> that happens in the future, then the direction might change.

I don't speak for anyone:-)

I strongly believe that holding off from making improvements on the basis of FIPS approval/certification is a really bad idea. If a case can be made that the suggested change is less good or no better than the FIPS approved/certified thing, then that is a debate worth having, but waving the FIPS flag is not itself IMO a good counter argument to a claim that some change is an improvement. And I'd be disappointed if an international organisation of any kind did accept that kind of flag waving.

The fact that parts of the government in question were caught cheating on exactly this kind of process just a few years ago remains relevant to this discussion IMO. The fact that other parts of the same government are good actors, IMO likely including all those visibly involved, does not cancel that out. In this case, that is another reason to not accept an argument based solely on whether or not something has the blessing of parts of that same govt. (And please do note that this paragraph can equally be applied to any govt, not just the one concerned here.)

S.