Re: [CFRG] [EXT] IETF WG Interest in AES-GCM-SST

Roman Shpount <roman@telurix.com> Thu, 04 April 2024 03:56 UTC

References: <CAKx+b+ZaqUfAQiLjkpWGgZAWRpVJYJtAm=v+-PVU1PMPP5Tu8Q@mail.gmail.com> <BN0P110MB14192D55538E9115BDB9A28F903DA@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM> <6d8e6be7-52c3-4aa2-b970-a9ed8f0ecc6d@betaapp.fastmail.com>
In-Reply-To: <6d8e6be7-52c3-4aa2-b970-a9ed8f0ecc6d@betaapp.fastmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 03 Apr 2024 23:56:32 -0400
Message-ID: <CAD5OKxufNx5zg7EkfPmR3xsZ0zC9dFT_aQoJgQKuFTiVCEPTgg@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Jonathan Lennox <jonathan.lennox42@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JjKaSYUJpghgcvv5j65NaV0aLKY>
Subject: Re: [CFRG] [EXT] IETF WG Interest in AES-GCM-SST

Martin,

What would be the benefits of OCB vs. SST?

Generally, "the media folks" need a modern, efficient replacement
of SRTP_AES_CM_128_HMAC_SHA1_32 by something with 32-bit tags to minimize
the overhead for low-bitrate audio. I know that AES-GCM-SST can be more
efficient on modern CPUs than SRTP_AES_CM_128_HMAC_SHA1_32. It should also
be more secure, but this would require a more formal analysis. I have not
looked at OCB for either efficiency or security.

Best Regards,
_____________
Roman Shpount


On Wed, Apr 3, 2024 at 11:29 PM Martin Thomson <mt@lowentropy.net> wrote:

> On Thu, Apr 4, 2024, at 00:56, Blumenthal, Uri - 0553 - MITLL wrote:
> > Is AES-GCM-SST still failing catastrophically when nonce is re-used?
>
> Of course.  But that isn't a problem for SRTP.
>
> I am interested in the OCB vs. SST conversation and whether the media
> folks considered OCB.
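Two points in this exchange are worth seeing concretely: the "fails catastrophically when nonce is re-used" property Uri asks about and Martin confirms, and the reason SRTP can treat it as a non-issue, namely that the per-packet IV is a deterministic function of the packet index rather than something a sender picks. The Go program below is an added example written for this archive page; it is not code from either poster, nor from the AES-GCM-SST draft. It uses the Go standard library's plain AES-GCM, since SST is not available there; the nonce-reuse failure it shows lives in the CTR encryption layer that GCM and SST share, not in the tag construction that differs between them. The key, salt, nonces and "audio frame" payloads are constructed demo values. The SRTP IV layout (0x0000 || SSRC || ROC || SEQ, XORed with the 12-byte salt) follows RFC 7714; that reference is mine, not the thread's.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed demo values; not from any real deployment or specification.
var (
	demoKey  = []byte("0123456789abcdef") // 16 bytes: AES-128
	demoSalt = []byte("salt-12bytes")     // 12 bytes: stand-in for an SRTP master salt
	nonceA   = []byte("nonce-aaaaaa")     // 12 bytes, the standard GCM nonce size
	nonceB   = []byte("nonce-bbbbbb")     // 12 bytes, distinct from nonceA
)

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// SealGCM returns ciphertext||tag for plaintext under key and nonce (no AAD).
func SealGCM(key, nonce, plaintext []byte) []byte {
	return newGCM(key).Seal(nil, nonce, plaintext, nil)
}

// OpenGCM verifies the tag and returns the plaintext, or an error on tag failure.
func OpenGCM(key, nonce, sealed []byte) ([]byte, error) {
	return newGCM(key).Open(nil, nonce, sealed, nil)
}

// xorBytes returns a XOR b over the shorter of the two lengths.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// KeystreamCancels seals p1 under nonce1 and p2 under nonce2 with one key, drops the
// tags, and reports whether c1 XOR c2 equals p1 XOR p2. When nonce1 == nonce2 the CTR
// keystream is identical for both packets and cancels out, so the result is true: an
// observer learns the XOR of the two plaintexts without the key. This is the
// "catastrophic" failure mode; with distinct nonces the result is false.
func KeystreamCancels(key, nonce1, nonce2, p1, p2 []byte) bool {
	c1 := SealGCM(key, nonce1, p1)[:len(p1)]
	c2 := SealGCM(key, nonce2, p2)[:len(p2)]
	return bytes.Equal(xorBytes(c1, c2), xorBytes(p1, p2))
}

// SRTPGCMIV builds the 12-byte AES-GCM IV the way RFC 7714 does for SRTP:
// (0x0000 || SSRC || ROC || SEQ) XOR salt. The IV is a deterministic function of the
// 48-bit packet index, so within one stream under one key it cannot repeat until that
// index wraps; the sender never chooses a nonce, which is why SRTP sidesteps the
// nonce-reuse problem in normal operation.
func SRTPGCMIV(salt []byte, ssrc, roc uint32, seq uint16) []byte {
	if len(salt) != 12 {
		panic("salt must be 12 bytes")
	}
	iv := make([]byte, 12) // iv[0:2] stay zero
	binary.BigEndian.PutUint32(iv[2:6], ssrc)
	binary.BigEndian.PutUint32(iv[6:10], roc)
	binary.BigEndian.PutUint16(iv[10:12], seq)
	return xorBytes(iv, salt)
}

func main() {
	p1 := []byte("audio frame #1 (20 ms)") // constructed stand-in for a low-bitrate frame
	p2 := []byte("audio frame #2 (20 ms)")
	fmt.Println("same nonce leaks p1 XOR p2: ", KeystreamCancels(demoKey, nonceA, nonceA, p1, p2))
	fmt.Println("distinct nonces leak it:    ", KeystreamCancels(demoKey, nonceA, nonceB, p1, p2))

	sealed := SealGCM(demoKey, nonceA, p1)
	sealed[0] ^= 0x01 // flip one ciphertext bit; the tag check must now fail
	_, err := OpenGCM(demoKey, nonceA, sealed)
	fmt.Println("tampered packet rejected:   ", err != nil)

	iv1 := SRTPGCMIV(demoSalt, 0x12345678, 0, 1)
	iv2 := SRTPGCMIV(demoSalt, 0x12345678, 0, 2)
	fmt.Println("consecutive packets differ: ", !bytes.Equal(iv1, iv2))
}
```

The deterministic IV is what makes the reuse question moot for a correctly keyed SRTP session; the residual concern moves to key management, since two streams that share a master key and salt but collide on SSRC would reproduce the same IVs, which is exactly the situation the first half of the program shows to be unrecoverable.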