[Cfrg] RFC 5297 and absent vs. zero-length nonces
Daniel Franke <dfoxfranke@gmail.com> Thu, 23 February 2017 23:12 UTC
Return-Path: <dfoxfranke@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3E2A129C33 for <cfrg@ietfa.amsl.com>; Thu, 23 Feb 2017 15:12:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fzeAeHc3RHXi for <cfrg@ietfa.amsl.com>; Thu, 23 Feb 2017 15:12:27 -0800 (PST)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93E2B129B08 for <cfrg@irtf.org>; Thu, 23 Feb 2017 15:12:27 -0800 (PST)
Received: by mail-qk0-x22d.google.com with SMTP id n127so5855749qkf.0 for <cfrg@irtf.org>; Thu, 23 Feb 2017 15:12:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=DiuHQyc6mQhyqmaU6urgYHTx9gjoqwpQEY1s55JkPOI=; b=fS84jPwtBUsEj23Bwx9PHkRrJedY3na4kUJtacV1N3B40q22XLCAK+mUei4i9MItlh RzcxXtQI+4DACClh60LG8MR0/6JnSnJz+q3edOjVZJ0Yw5xWc5N/VnX0kMLtr9IzmBWt DSP+txNO5+qj5yeRAIseYw/dI3rFpS+xQaQ5o28Gu/5BBgqkaTNB+S9O5S8Gg3gMc4es WhKOCdHbRiCJvNl62PM9UDLc0bYj38Ur4+t49rU2hTo3P0d3Qy+J4nPHmTHekcN9YhhU VpiHYK7jJIxmJlBPRMIP3Uq8YAbvMj7quzfqZdKQoI3zQJ32X4r9Fm8YYalYlq6/omyN /3UA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=DiuHQyc6mQhyqmaU6urgYHTx9gjoqwpQEY1s55JkPOI=; b=aOtbkmQczZfsbkq799YMuo8s0jVIL2BmvEO/vXF42/Cop7iPbz927F31ucBcDNHqQT tTmQxPE0zvm1kptO1P95Sdbvk8Kz+fWelQZE/IXKjeWiM8ybUAhjyk+PZvu/kjOb1Qug /jQPPmAALCFfHrZQyCR/9v8odvfNP+gqY8+/1sKVRBd4M+CvCzrXKR1t0EB3VGjPey6F WVlbr0H2fGoC/+i4oMEllkWTlahgCXEeKQgcPgQNFL8BQU4vCQk1H3jAoBtDeB8bamVQ fIRTk4H7VnNbio1hsuKRhUaIvjsDCXaY7CMCpzyDaRisDiBlHl7/Vw0/RP16M7vaUFOu 1NyQ==
X-Gm-Message-State: AMke39lP+CoYtXp0Io04XZ3qHjPq1vACyC63OVtSM1JocrjTKawCtphfpMw4ePeYvB1sK7QymObWyvuuyggzvA==
X-Received: by 10.55.95.131 with SMTP id t125mr43886033qkb.279.1487891546806; Thu, 23 Feb 2017 15:12:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.136.33 with HTTP; Thu, 23 Feb 2017 15:12:26 -0800 (PST)
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Thu, 23 Feb 2017 18:12:26 -0500
Message-ID: <CAJm83bB22+9L3Rcn43hyDuGx1=ncse5cLYCm+dAP9hCPqnd8Hw@mail.gmail.com>
To: dharkins@arubanetworks.com, cfrg@irtf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Gu5cyorHPLrQ_CGYe775Xc6SV1c>
Subject: [Cfrg] RFC 5297 and absent vs. zero-length nonces
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2017 23:12:29 -0000
The IANA considerations section of RFC 5297 (Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES)) gives N_MIN as 1. However, S2V is perfectly capable of accepting zero-length arguments. Furthermore, passing a zero-length argument to S2V is distinct from not passing that argument at all (as done in the case deterministic encryption). How should an implementation behave when provided with a zero-length nonce? Should it return an error, since its length is under N_MIN? Should it pass it along to S2V just like any other nonce input? Or should it treat this as a request for deterministic encryption and not pass any nonce to S2V?
- [Cfrg] RFC 5297 and absent vs. zero-length nonces Daniel Franke
- Re: [Cfrg] RFC 5297 and absent vs. zero-length no… Dan Harkins
- Re: [Cfrg] RFC 5297 and absent vs. zero-length no… David McGrew (mcgrew)
- Re: [Cfrg] RFC 5297 and absent vs. zero-length no… Daniel Franke
- Re: [Cfrg] RFC 5297 and absent vs. zero-length no… Dan Harkins