IETF Logo Mail Archive

RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms

Stephen Kent <kent@bbn.com> Fri, 04 January 2008 16:24 UTC

Return-path: <cfrg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JApLm-00010z-48; Fri, 04 Jan 2008 11:24:50 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JApLk-00010t-Lz for cfrg@ietf.org; Fri, 04 Jan 2008 11:24:48 -0500
Received: from mx12.bbn.com ([128.33.0.81]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1JApLk-0007Ef-51 for cfrg@ietf.org; Fri, 04 Jan 2008 11:24:48 -0500
Received: from dhcp89-089-071.bbn.com ([128.89.89.71]) by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>) id 1JApLj-0007Dv-49; Fri, 04 Jan 2008 11:24:47 -0500
Mime-Version: 1.0
Message-Id: <p06240501c3a3f376d728@[128.89.89.71]>
In-Reply-To: <002301c84e75$a9354580$350c6f0a@china.huawei.com>
References: <002301c84e75$a9354580$350c6f0a@china.huawei.com>
Date: Fri, 04 Jan 2008 09:38:27 -0500
To: Sean Shuo Shen <sshen@huawei.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
Cc: saag@mit.edu, cfrg@ietf.org
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org

At 10:01 AM +0800 1/4/08, Sean Shuo Shen wrote:
>Hi Stephen,
>Can you talk more details about the FIPS evaluation problem?
>
>Sean
>

Sure.

FIPS 140-x evaluation of crypto modules generally will NOT encompass 
implementation of mechanisms used for anti-replay, e.g., the sequence 
numbers used in IPsec or in TCP. This is because these mechanisms are 
not part of a crypto algorithm definition. However, if these same 
values are used as inputs to crypto algorithms, e.g., a MAC algorithm 
or a confidentiality algorithm such as counter mode encryption, THEN 
they become part of the evaluated code/hardware base. So, if one were 
to use TCP sequence numbers in a MAC algorithm, and the algorithm 
required the numbers to be unique, then all aspects of TCP sequence 
number management would become part of the evaluated code base. In 
general, one tries to minimize the size of the evaluated code and 
hardware, to increase likelihood that the evaluation will succeed, to 
reduce the need for re-evaluation when any of the evaluated 
code/hardware changes, etc.

This observation caused IPsec to decide to NOT reuse its anti-replay 
sequence numbers for counter-mode encryption. Rather IPsec requires 
carriage of the counter-mode, per-packet value in each packet header.

Steve

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email