Re: [Cfrg] draft-housley-ccm-mode-00.txt

pgut001@cs.auckland.ac.nz (Peter Gutmann) Sat, 17 August 2002 05:27 UTC

Date: Sat, 17 Aug 2002 17:23:59 +1200 (NZST)
Message-ID: <200208170523.RAA78449@ruru.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cfrg@ietf.org, daw@mozart.cs.berkeley.edu
Subject: Re: [Cfrg] draft-housley-ccm-mode-00.txt

daw@mozart.cs.berkeley.edu (David Wagner) writes:
>Peter Gutmann wrote:
>>If it's truly unencumbered, I'd like to see this as standards-track.
>
>Can you elaborate?  What advantages do you see for CCM over the standard
>encrypt-then-authenticate generic composition of AES-CBC encryption and AES-
>CBC-MAC (suitably modified to be secure for variable-length messages)?  The
>latter is unencumbered and has the same performance characteristics as CCM.

I was thinking more of OCB and its assorted ancestors and relatives (with
accompanying extended family of patents).  I'd be happy with any unencumbered,
reasonably clean encrypt+MAC combo (note that's encrypt+MAC, not encrypt-then-
MAC), Russ just happened to get there first with his CCM draft.

Peter.

