[Cfrg] IVs in the "authenticated encryption" draft
David McGrew <mcgrew@cisco.com> Fri, 15 September 2006 12:31 UTC
Hello,

If you've read the draft, I'd be interested to hear your thoughts on the use of IVs in that document. Currently, the IV is an *output* of the encryption process, rather than an input to it. This property puts IV generation into the crypto process, which simplifies the interface for most users and eliminates the risk of security problems due to inappropriate IV generation by the user. However, this property adds some complexity; in order to support the use of deterministic IVs when a single key is used by multiple encryptors, it was necessary to add an "IV contribution" field.

I very much like the idea of having an interface that is harder to misuse, but I'm now wondering if that goal is "one too many" for the current draft. Perhaps it would be better to allow the IVs to be inputs, as is more conventional, which would allow this draft to get finished more quickly, and then to consider a user-proof interface in some separate future work, if that would be useful.

I've heard comments on both sides of this issue, and I'd like to gauge the general feeling of the group, so I'd value your opinion.

thanks,

David
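The two interface shapes discussed in the message, as an added Python example that is not part of the original post or of the draft it refers to. The AEAD itself is a stand-in built from standard-library primitives only (HMAC-SHA256 as a PRF in counter mode, then encrypt-then-MAC), chosen so the example runs offline; the 4-byte "contribution" plus 8-byte counter nonce layout, the key values and the messages are constructed for illustration, not taken from the draft. `encrypt_iv_in` is the conventional IV-as-input interface; `OutputIvEncryptor` is the IV-as-output interface, where each encryptor sharing a key gets its own contribution field so deterministic nonces never collide. `nonce_reuse_leaks_xor` shows the failure mode the output-IV design is meant to remove from the caller's hands.

```python
import hmac
import hashlib
import struct

# Toy AEAD: CTR-style keystream from HMAC-SHA256 used as a PRF, then
# encrypt-then-MAC with HMAC-SHA256. It stands in for a real AEAD cipher
# so the example is self-contained; it is not meant for deployment.
NONCE_LEN = 12   # 4-byte per-encryptor contribution || 8-byte counter
TAG_LEN = 32

# Constructed demo keys (assumption: fixed values, shared by all encryptors).
KEY_ENC = b"\x01" * 32
KEY_MAC = b"\x02" * 32


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC(enc_key, nonce || i); a PRF in counter mode."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _tag(mac_key: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    """MAC over lengths, AAD, nonce and ciphertext (lengths first to avoid ambiguity)."""
    msg = struct.pack(">QQ", len(aad), len(ct)) + aad + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def encrypt_iv_in(enc_key: bytes, mac_key: bytes, nonce: bytes,
                  plaintext: bytes, aad: bytes = b"") -> bytes:
    """Conventional interface: the caller supplies the nonce and must never reuse it."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return ct + _tag(mac_key, nonce, aad, ct)


def decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes,
            ciphertext: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(ciphertext) < TAG_LEN:
        raise ValueError("truncated ciphertext")
    ct, tag = ciphertext[:-TAG_LEN], ciphertext[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, aad, ct)):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class OutputIvEncryptor:
    """IV-as-output interface: the nonce is generated inside encrypt() and
    returned to the caller. Several encryptors may share one key as long as
    each is given a distinct contribution field; the counter is never reused."""

    def __init__(self, enc_key: bytes, mac_key: bytes, contribution: bytes):
        if len(contribution) != 4:
            raise ValueError("contribution must be 4 bytes")
        self._enc_key, self._mac_key = enc_key, mac_key
        self._contribution = contribution
        self._counter = 0

    def encrypt(self, plaintext: bytes, aad: bytes = b"") -> tuple[bytes, bytes]:
        if self._counter >= 1 << 64:
            raise RuntimeError("nonce space exhausted; rekey before continuing")
        nonce = self._contribution + struct.pack(">Q", self._counter)
        self._counter += 1
        return nonce, encrypt_iv_in(self._enc_key, self._mac_key, nonce, plaintext, aad)


def roundtrip() -> bytes:
    """Encrypt with the output-IV interface and decrypt with the returned nonce."""
    enc = OutputIvEncryptor(KEY_ENC, KEY_MAC, b"\x00\x00\x00\x01")
    nonce, ct = enc.encrypt(b"attack at dawn", aad=b"hdr")
    return decrypt(KEY_ENC, KEY_MAC, nonce, ct, aad=b"hdr")


def distinct_nonces(n: int = 3) -> bool:
    """Two encryptors sharing a key but with different contributions never collide."""
    a = OutputIvEncryptor(KEY_ENC, KEY_MAC, b"\x00\x00\x00\x01")
    b = OutputIvEncryptor(KEY_ENC, KEY_MAC, b"\x00\x00\x00\x02")
    seen = set()
    for _ in range(n):
        for e in (a, b):
            nonce, _ct = e.encrypt(b"msg")
            seen.add(nonce)
    return len(seen) == 2 * n


def nonce_reuse_leaks_xor() -> bool:
    """The risk the caller-supplied IV carries: under a repeated nonce the two
    ciphertexts XOR to the XOR of the plaintexts (the keystream cancels)."""
    nonce = b"\x00" * NONCE_LEN
    p1, p2 = b"hello world!", b"goodbye all!"
    c1 = encrypt_iv_in(KEY_ENC, KEY_MAC, nonce, p1)[:-TAG_LEN]
    c2 = encrypt_iv_in(KEY_ENC, KEY_MAC, nonce, p2)[:-TAG_LEN]
    return bytes(x ^ y for x, y in zip(c1, c2)) == bytes(x ^ y for x, y in zip(p1, p2))


if __name__ == "__main__":
    print(roundtrip(), distinct_nonces(), nonce_reuse_leaks_xor())
```

The point of the comparison is where the nonce-uniqueness invariant lives: with `encrypt_iv_in` every caller has to maintain it, while `OutputIvEncryptor` keeps it inside the object, at the cost of the extra contribution field needed whenever more than one encryptor shares a key.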