[Cfrg] Changes in draft-irtf-cfrg-ocb-03
Ted Krovetz <ted@krovetz.net> Wed, 12 June 2013 22:56 UTC
Return-Path: <ted@krovetz.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14A5821E8091 for <cfrg@ietfa.amsl.com>; Wed, 12 Jun 2013 15:56:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.2
X-Spam-Level:
X-Spam-Status: No, score=-2.2 tagged_above=-999 required=5 tests=[AWL=-0.400, BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lHmFPdiUSstY for <cfrg@ietfa.amsl.com>; Wed, 12 Jun 2013 15:56:33 -0700 (PDT)
Received: from mail-pd0-f180.google.com (mail-pd0-f180.google.com [209.85.192.180]) by ietfa.amsl.com (Postfix) with ESMTP id 721E711E8101 for <cfrg@ietf.org>; Wed, 12 Jun 2013 15:56:33 -0700 (PDT)
Received: by mail-pd0-f180.google.com with SMTP id 10so10610388pdi.11 for <cfrg@ietf.org>; Wed, 12 Jun 2013 15:56:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:message-id:date :to:mime-version:x-mailer:x-gm-message-state; bh=wEhpeWeGHWkau2lzOSLEcjv3GI/cfqzhfcfnbphAzag=; b=bgvGSGpENDC3/vRtdRvpdfh9JrURxFm11i3RPI6v30scAmghsMe8BHUdy739+Qykpv +iS6fv6TxCY5PIlv48Hd5NGdCyCPXQQPs9u6wXGP2wxSqFLOnkXTYSi5RjYUZURaeyJE oO50LEDU7EHevG6JR1u7IA1cnSfTQkmA0N/Io4oJihQyjdA48YVO1/Na4bewKBM/W7Is u5VAAClutkTc1l34nT6no8EvHMI4G4r6NZ7rs2iyxG1tjEM3S03t411GZTM17a2cs7GJ D6LvIE/pBIlOz2fo7rQELcdG4K/UfWHAonvssYiDF9pCSUBPXxLwoMnBrnHFug9xqSvG V/Yw==
X-Received: by 10.68.226.99 with SMTP id rr3mr22593338pbc.35.1371077793152; Wed, 12 Jun 2013 15:56:33 -0700 (PDT)
Received: from [192.168.1.162] (c-67-166-145-119.hsd1.ca.comcast.net. [67.166.145.119]) by mx.google.com with ESMTPSA id xz1sm26566088pab.5.2013.06.12.15.56.31 for <cfrg@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 12 Jun 2013 15:56:32 -0700 (PDT)
From: Ted Krovetz <ted@krovetz.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-Id: <21F1AE1B-3783-4767-BDB4-1E40F8468372@krovetz.net>
Date: Wed, 12 Jun 2013 15:56:30 -0700
To: "cfrg@ietf.org" <cfrg@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
X-Gm-Message-State: ALoCoQlu1fls7jArHut9KhNEC3tIqiHkesff5u0pdt7LlazJn8uZr+kFfL/WqQPvZ0WheHdiWx9f
Subject: [Cfrg] Changes in draft-irtf-cfrg-ocb-03
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 22:56:38 -0000
I have just posted a revised Internet-Draft for OCB. <https://datatracker.ietf.org/doc/draft-irtf-cfrg-ocb/> A nice diff can be seen at <http://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-ocb-03> The most significant changes are: 1. OCB uses an internal 128-bit nonce which is constructed from user-supplied nonce N as `Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N` This changes all generated tags except those that are 128 bits. The macro `num2str` is also new and is now defined in the notation section. 2. The end of Appendix A adds test vectors for each named parameter set. All other test vectors are unchanged because they had 128-bit tags. 3. The Security Considerations has a new paragraph on TAGLEN. > Normally, a given key should be used to create ciphertexts with a > single tag length, TAGLEN, and an application should reject any > ciphertext that claims authenticity under the same key but a > different tag length. While the ciphertext core and all of the bits > of the tag do depend on the tag length, this is done for added > robustness to misuse and should not suggest that receivers accept > ciphertexts employing variable tag lengths under a single key. 4. A new paragraph is added to the introduction making it clear that byte-oriented implementations are okay. This is in response to an implementor who was worried about his byte-oriented implementation being out of compliance with the spec. > For reasons of generality, OCB is defined to operate on arbitrary > bit-strings. But for reasons of simplicity and efficiency, most > implementations will assume that strings operated on are byte-strings > (ie, strings that are a multiple of 8 bits). To promote > interoperability, implementations of OCB that communicate with > implementations of unknown capabilities should restrict all provided > values (nonces, tags, plaintexts, ciphertexts, and associated data) > to byte-strings. Thank you everybody for your help in refining OCB. Phil and I really appreciate it. -Ted
- [Cfrg] Changes in draft-irtf-cfrg-ocb-03 Ted Krovetz
- Re: [Cfrg] Changes in draft-irtf-cfrg-ocb-03 David McGrew