Re: [Cfrg] I-D Action: draft-irtf-cfrg-gcmsiv-01.txt
Adam Langley <agl@imperialviolet.org> Mon, 09 May 2016 12:33 UTC
Return-Path: <alangley@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3484A12B057; Mon, 9 May 2016 05:33:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wrwxzOpXBUa2; Mon, 9 May 2016 05:33:07 -0700 (PDT)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64AEC12D170; Mon, 9 May 2016 05:33:06 -0700 (PDT)
Received: by mail-qk0-x22c.google.com with SMTP id r184so93120347qkc.1; Mon, 09 May 2016 05:33:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=5A5r74DtOQzNCWoi3OHS1NLdjTdDxS4Be76+yXnJboU=; b=Xg9OSczeoZ9aNJn7rabDxUBm+RxKLU0O05+OKYjMm7CCU6fug0QHrQCD5GUxdWZSpO yTViuc2VWX4nGQIZXagr64wi1O5NssdC9w2H/u9zr/rkBVOiQMjU/kIrYAQMP1sMZ+6F HCVffuWte7CR39D/G1iO6b28fbi1nKReCYMOQayYc25mtp05psM0S1Wdp0M9DJ3N0xi9 JRxkIrbyhm5mTpD2KzIQqOU1C/dT4Q0zC3IXTVzBrRFZSCdHIbFccpzbmo4EpSgCt88E fhq9QmQ2FPOArxdx8t5N4x1bWaDyiM1ldN+dU6HddRAzzisZR5/dIfkag1Uh8A9TaW3P yMKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=5A5r74DtOQzNCWoi3OHS1NLdjTdDxS4Be76+yXnJboU=; b=HcQe1diNd/aiUmCFZeELjVIJvXlZGayhnjJc9dZhrpXgwjwF9E5admjakxoKlVTiKB DtWxa7QImKDqXeWa+1MXAEJfppfuutkSjIf9Z0zq4XJzhPKLYAQiXfbZEA6dVSnuh0T2 5NHQd9hk+zuIQCouA3CHHwqLicKDXB09kJM2E802j6i4xmtuWuIK4lbDem/GS+4YbOLW W6deD+NITsjtm+7lwSYvDcUcRtVvXmqdvvhMSUIf1rzqlCKmBcLXPdb/IAf0JAPFnOWV o2ys0hB6qHkzwkJHB7MFGUN/T7joSXdoARjkpEOUBUNWyvpoF3iW0bPjiLFOjapu0e0f g0Ng==
X-Gm-Message-State: AOPr4FUu8WaH++B51wLdwA6G6KC+pnSQNRMKnw58BbQfZcRpRACn0YW6An4J9gNRFqnEryzDLyIn5IKgjAEC9g==
MIME-Version: 1.0
X-Received: by 10.55.17.32 with SMTP id b32mr17182730qkh.61.1462797185520; Mon, 09 May 2016 05:33:05 -0700 (PDT)
Sender: alangley@gmail.com
Received: by 10.237.48.49 with HTTP; Mon, 9 May 2016 05:33:05 -0700 (PDT)
In-Reply-To: <20160509122358.4946.5494.idtracker@ietfa.amsl.com>
References: <20160509122358.4946.5494.idtracker@ietfa.amsl.com>
Date: Mon, 09 May 2016 05:33:05 -0700
X-Google-Sender-Auth: kEkCaoOxorewptJR3Hu3lfb11jU
Message-ID: <CAMfhd9XFnC1YdUgEUvmq4o0=z-HPLxPDjxGZ+dNOA0_g7bMs3w@mail.gmail.com>
From: Adam Langley <agl@imperialviolet.org>
To: internet-drafts@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/_3qx1Kpb80fiOQaPqyenl1cXLEM>
Resent-From: alias-bounces@ietf.org
Resent-To: <>
Cc: cfrg@ietf.org, i-d-announce@ietf.org
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-gcmsiv-01.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2016 12:33:10 -0000
On Mon, May 9, 2016 at 5:23 AM, <internet-drafts@ietf.org> wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Crypto Forum of the IETF. Dear all, In light of discussions here we've changed the way that AES-GCM-SIV works with AES-256. It wasn't the case the two equal plaintexts with consecutive nonces would produce equal ciphertext. However, it seems to be insufficiently clear, and masking off a bit from the nonce (i.e., 127-bit nonce) looks inelegant. Thus, the record-encryption key is now generated using the "OFB mode" suggestion made by Uri Blumenthal. (Thanks to him for that.) In addition, we changed the initial counter value to avoid setting the least-significant 32 bits to zero. Starting the block counter at zero reduced the security margin in the analysis, and we realised that there was no reason for it. Cheers AGL
- [Cfrg] I-D Action: draft-irtf-cfrg-gcmsiv-01.txt internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-gcmsiv-01.… Adam Langley
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-gcmsiv-01.… Dang, Quynh (Fed)