Re: [Cfrg] Encrypt in place guidance

Robert Moskowitz <rgm-sec@htt-consult.com> Wed, 01 April 2020 01:20 UTC

To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, "Salz, Rich" <rsalz@akamai.com>, Dan Brown <danibrown@blackberry.com>, "cfrg@ietf.org" <cfrg@ietf.org>
References: <83571efb-a32f-6a59-a496-de56716f07da@htt-consult.com> <a16dcbe63aa745e482a3f435aa8e0470@blackberry.com> <f5e4c7a3-e039-ec7d-59b7-0c581d9022e6@htt-consult.com> <9ACD4ECA-CFBF-40DC-8CB8-BB7DAEFBB42D@ll.mit.edu> <d4383234-d452-dad8-52dc-dd35dbecbb8a@htt-consult.com> <95BC6180-32C1-4943-B8BC-FF40E1F6EB10@akamai.com> <28659E8D-E79E-4E45-B2CB-490B3DDB1842@ll.mit.edu>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <c39cceb2-d96a-8fab-6ac0-fd76b5f37793@htt-consult.com>
Date: Tue, 31 Mar 2020 21:19:54 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/SO0Yskq2XydMv0Lj-Gp-1yWhOZQ>


On 3/31/20 9:10 PM, Blumenthal, Uri - 0553 - MITLL wrote:
>
> I will write the draft using Speck for 64 bit block.  That will get 
> the draft out and open up for discussion.
>
> You’d probably write a draft requiring a 64-bit block cipher, 
> proposing SPECK as one that fits the requirements, both 
> block-size-wise and key-size-wise.
>

I am wordsmithing this now.  Of course the draft COULD go in tomorrow, 
but then it would be dated Apr 1.  So I will probably wait until Thursday...

> And if I had a 2 byte IV, I could get AES-CTR working to protect 
> 2^16-1 messages.  More than enough for a mission.
>
> In fact, if you have two bytes for crypto expansion – you could do 
> better than CTR.
>

I am updating my draft with this approach right now.  I figured it out 
myself.  I am so proud of me.  ;)

> This will be up to ASTM and the regulators with us advising.
>
> I don’t even know what ASTM is. ;-)
>

astm.org

The standard for UAS Remote ID and Tracking is F3411-19 and is not only 
referenced by the FAA but also EASA.  It costs $85 to purchase or get 
your ASTM membership for $75.

> Simon and speck are controversial, and almost nobody believed that 
> they weren’t deliberately crippled.  It hasn’t been proven.  But there 
> were enough concerns that ISO rejected them.  See 
> https://rwc.iacr.org/2019/slides/RWC87slides.pdf
>
> Count me among those “almost”.
>
> Also, I wasn’t much impressed by those slides.
>
> I mention all this because I am sure using Speck will be 
> controversial, and you need to be sure that you are willing to take on 
> that battle.
>
> Depends on the customer. I’m sure FAA, DOT, or other US govt entity 
> would have no problem with SPECK.
>

But maybe not EASA (not entirely sure EASA is the 'correct' EU agency).  
The two together very much control the world-wide decision process.  Of 
course New Zealand could weigh in.  They manage ~1/6 of the world's 
airspace.