Re: [Cfrg] Attacker changing the tag length in OCB

"Jack Lloyd" <lloyd@randombit.net> Tue, 04 June 2013 20:02 UTC

From: Jack Lloyd <lloyd@randombit.net>
Date: Tue, 04 Jun 2013 15:01:04 -0400
To: cfrg@irtf.org
Message-ID: <20130604190104.GA29597@randombit.net>
References: <alpine.WNT.2.00.1306031235280.6196@RogawaySamsung9> <810C31990B57ED40B2062BA10D43FBF518BD79@XMB111CNC.rim.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF518BD79@XMB111CNC.rim.net>
X-PGP-Fingerprint: 3F69 2E64 6D92 3BBE E7AE 9258 5C0F 96E8 4EC1 6D6B
X-PGP-Key: http://www.randombit.net/pgpkey.html
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [Cfrg] Attacker changing the tag length in OCB

On Tue, Jun 04, 2013 at 05:49:06PM +0000, Dan Brown wrote:

> If the intent of the OCB spec is not to allow variable tag lengths, then I
> think the spec needs greater emphasis, especially in view of some IETF
> common practices and viewpoints (**).  So, the spec should somewhere say
[...]
> (**) For example, TLS allows one public key per multiple different cipher
> suites (not sure if it allows pre-shared key with different cipher suites).

To address TLS-PSK specifically - using a single PSK with several
different cipher suites is allowed, though as the actual symmetric
keys are derived from both the PSK and the client and server nonces
(and, optionally, a DH/ECDH key exchange), the actual OCB key would
never be reused in a different context, or even in a different session
with the same parameter set.

-Jack
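The derivation Jack describes, worked through as an added example (this is not code from the message, from the OCB specification or from any IETF implementation). It follows RFC 4279 for the PSK premaster secret and RFC 5246 for the TLS 1.2 PRF, master secret and key block, assumes a SHA-256 PRF and AES-128-sized keys with 12-byte IVs as in the AEAD suites, and uses a constructed PSK and constructed client/server randoms rather than real handshake values. It shows that one PSK, even with the same cipher suite, gives unrelated record-layer keys in two sessions, and, as the caveat, that the separation comes entirely from the nonces: replaying both randoms reproduces the keys.

```python
"""TLS 1.2 PSK key derivation (RFC 4279 + RFC 5246), added example.

Shows why one PSK shared across cipher suites and sessions does not
reuse the actual symmetric (e.g. OCB) key: that key is a function of
the PSK *and* the client/server randoms (and, for (EC)DHE_PSK, Z).
"""
import hashlib
import hmac
import struct
from typing import Optional


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: iterate HMAC until `length` bytes exist."""
    out = b""
    a = seed                                                        # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def psk_premaster_secret(psk: bytes, other_secret: Optional[bytes] = None) -> bytes:
    """RFC 4279 premaster: uint16 len(other) || other || uint16 len(psk) || psk.

    Plain PSK: `other` is N zero octets with N = len(psk) (section 2).
    DHE_PSK / ECDHE_PSK: `other` is the (EC)DH shared secret Z (section 3 / RFC 5489).
    """
    if other_secret is None:
        other_secret = b"\x00" * len(psk)
    return (struct.pack("!H", len(other_secret)) + other_secret
            + struct.pack("!H", len(psk)) + psk)


def derive_aead_keys(psk: bytes, client_random: bytes, server_random: bytes,
                     key_len: int = 16, iv_len: int = 12,
                     other_secret: Optional[bytes] = None) -> dict:
    """Master secret (RFC 5246 8.1) and key block (6.3), sliced for an AEAD suite.

    AEAD suites have no MAC keys, so the block is laid out as
    client_write_key || server_write_key || client_write_IV || server_write_IV.
    key_len=16 / iv_len=12 are assumed AES-128-style sizes, not OCB-specific values.
    """
    premaster = psk_premaster_secret(psk, other_secret)
    master = tls12_prf(premaster, b"master secret", client_random + server_random, 48)
    key_block = tls12_prf(master, b"key expansion", server_random + client_random,
                          2 * key_len + 2 * iv_len)
    return {
        "master": master,
        "client_key": key_block[:key_len],
        "server_key": key_block[key_len:2 * key_len],
        "client_iv": key_block[2 * key_len:2 * key_len + iv_len],
        "server_iv": key_block[2 * key_len + iv_len:],
    }


# Constructed demo inputs: not real key material, not real handshake randoms.
PSK = b"constructed-demo-psk-not-a-real-secret"
RANDOM_A = bytes(range(0, 32))      # session 1 client_random
RANDOM_B = bytes(range(32, 64))     # session 1 server_random
RANDOM_C = bytes(range(64, 96))     # session 2 client_random
RANDOM_D = bytes(range(96, 128))    # session 2 server_random


def two_sessions_same_psk() -> tuple:
    """Same PSK, same suite, fresh randoms each time -> unrelated write keys."""
    return derive_aead_keys(PSK, RANDOM_A, RANDOM_B), derive_aead_keys(PSK, RANDOM_C, RANDOM_D)


def nonce_reuse_collides() -> bool:
    """Caveat: if both randoms repeat, the whole key schedule repeats."""
    a = derive_aead_keys(PSK, RANDOM_A, RANDOM_B)
    b = derive_aead_keys(PSK, RANDOM_A, RANDOM_B)
    return a["client_key"] == b["client_key"] and a["server_iv"] == b["server_iv"]


def ecdhe_changes_keys() -> bool:
    """Even with identical randoms, mixing in a (constructed) ECDH secret Z changes the keys."""
    plain = derive_aead_keys(PSK, RANDOM_A, RANDOM_B)
    with_z = derive_aead_keys(PSK, RANDOM_A, RANDOM_B, other_secret=b"\x42" * 32)
    return plain["client_key"] != with_z["client_key"]


if __name__ == "__main__":
    s1, s2 = two_sessions_same_psk()
    print("session 1 client_write_key:", s1["client_key"].hex())
    print("session 2 client_write_key:", s2["client_key"].hex())
    print("nonce reuse reproduces keys:", nonce_reuse_collides())
    print("ECDHE_PSK alters keys:", ecdhe_changes_keys())
```

The cipher suite itself is not an input to the PRF; what keeps the OCB key distinct across suites and sessions is the 64 bytes of fresh randomness (plus Z for the (EC)DHE_PSK suites) fed into every derivation, which is why the nonce-reuse case above is the one to guard against.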