Re: [Cfrg] AES-SIV versus AES-GCM for Encrypted Key Data

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 17 May 2016 14:04 UTC

To: Russ Housley <housley@vigilsec.com>, Paul Lambert <paul@marvell.com>
References: <D35F6F11.93C3E%paul@marvell.com> <297966AA-C7E0-4C3B-BA56-8D61D7824D66@vigilsec.com> <D35F843A.93C91%paul@marvell.com> <89A44D23-D8A2-4A2F-A94E-6A362FC195C7@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <573B24ED.70708@cs.tcd.ie>
Date: Tue, 17 May 2016 15:04:29 +0100
In-Reply-To: <89A44D23-D8A2-4A2F-A94E-6A362FC195C7@vigilsec.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/ESshueyD9r6QAVW2FjWFPvGC7ik>
Cc: IRTF CFRG <cfrg@irtf.org>
Subject: Re: [Cfrg] AES-SIV versus AES-GCM for Encrypted Key Data


On 17/05/16 14:50, Russ Housley wrote:
> I do not speak for NSA.  However, NSA only uses algorithms and modes
> that are FIPS-approved.  AES-SIV does not meet that requirement.  If
> that happens in the future, then the direction might change.

I don't speak for anyone :-)

I strongly believe that holding off from making improvements
on the basis of FIPS approval/certification is a really bad
idea. If a case can be made that the suggested change is less
good or no better than the FIPS approved/certified thing,
then that is a debate worth having, but waving the FIPS flag
is not itself IMO a good counter argument to a claim that
some change is an improvement.

And I'd be disappointed if an international organisation of
any kind did accept that kind of flag waving.

The fact that parts of the government in question were caught
cheating on exactly this kind of process just a few years ago
remains relevant to this discussion IMO. The fact that other
parts of the same government are good actors, IMO likely
including all those visibly involved, does not cancel that out.
In this case, that is another reason to not accept an argument
based solely on whether or not something has the blessing of
parts of that same govt. (And please do note that this paragraph
can equally be applied to any govt, not just the one concerned
here.)

S.