IETF Logo Mail Archive

RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms

Sean Shuo Shen <sshen@huawei.com> Sat, 05 January 2008 06:47 UTC

Return-path: <cfrg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JB2oC-00080O-BL; Sat, 05 Jan 2008 01:47:04 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JB2oA-0007pc-1j for cfrg@ietf.org; Sat, 05 Jan 2008 01:47:02 -0500
Received: from szxga03-in.huawei.com ([61.144.161.55]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1JB2o7-000693-Q9 for cfrg@ietf.org; Sat, 05 Jan 2008 01:47:02 -0500
Received: from huawei.com (szxga03-in [172.24.2.9]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JU50026US4WEA@szxga03-in.huawei.com> for cfrg@ietf.org; Sat, 05 Jan 2008 14:46:08 +0800 (CST)
Received: from huawei.com ([172.24.1.24]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JU500JSJS4WGF@szxga03-in.huawei.com> for cfrg@ietf.org; Sat, 05 Jan 2008 14:46:08 +0800 (CST)
Received: from s102542 ([10.111.12.53]) by szxml04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0JU500GE0S4QDS@szxml04-in.huawei.com> for cfrg@ietf.org; Sat, 05 Jan 2008 14:46:08 +0800 (CST)
Date: Sat, 05 Jan 2008 14:46:02 +0800
From: Sean Shuo Shen <sshen@huawei.com>
Subject: RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms
In-reply-to: <p06240501c3a3f376d728@[128.89.89.71]>
To: 'Stephen Kent' <kent@bbn.com>
Message-id: <006501c84f66$a35f4f10$350c6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Thread-index: AchO7sJbABb0XSbeTJmJfzPczjHuPQATz47Q
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
Cc: saag@mit.edu, cfrg@ietf.org
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org

Thank you, Stephen,

>Sure.
>FIPS 140-x evaluation of crypto modules generally will NOT encompass 
>implementation of mechanisms used for anti-replay, e.g., the sequence 
>numbers used in IPsec or in TCP. This is because these mechanisms are 
>not part of a crypto algorithm definition. However, if these same 
>values are used as inputs to crypto algorithms, e.g., a MAC algorithm 
>or a confidentiality algorithm such as counter mode encryption, THEN 
>they become part of the evaluated code/hardware base. So, if one were 
>to use TCP sequence numbers in a MAC algorithm, and the algorithm 
>required the numbers to be unique, then all aspects of TCP sequence 
>number management would become part of the evaluated code base. In 
>general, one tries to minimize the size of the evaluated code and 
>hardware, to increase likelihood that the evaluation will succeed, to 
>reduce the need for re-evaluation when any of the evaluated 
>code/hardware changes, etc.

>This observation caused IPsec to decide to NOT reuse its anti-replay 
>sequence numbers for counter-mode encryption. Rather IPsec requires 
>carriage of the counter-mode, per-packet value in each packet header.

Here I agree that carrying the nonce (or an index/counter for nonce) with
the MAC is a good way for a nonce MAC algorithm to get express pass from
fips.

Sean



_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email