Re: [Cfrg] Streaming AEAD
David McGrew <mcgrew@cisco.com> Tue, 18 February 2014 13:23 UTC
Return-Path: <mcgrew@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BE111A04D7 for <cfrg@ietfa.amsl.com>; Tue, 18 Feb 2014 05:23:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.049
X-Spam-Level:
X-Spam-Status: No, score=-15.049 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MhhS7RrrcU1p for <cfrg@ietfa.amsl.com>; Tue, 18 Feb 2014 05:23:27 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id E9D1D1A04BF for <cfrg@irtf.org>; Tue, 18 Feb 2014 05:23:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1706; q=dns/txt; s=iport; t=1392729802; x=1393939402; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=iOsraRJ1nwuVqL1xMD4Gz7SiTl+Uhm0C/OprfWMkc0A=; b=UJsXU1YOzfMQYWWsyhX9kF8SXx8hhHPTJwvoTvVqVscUIxNYN1JAwqj+ uFifzxyhpIl0VdHTG2NLZF1y8S5eXlZC/SecbuExVMPisY+Ffy5Uo+Ci/ qDPhx5Xsh5m4ffv40NzTfRgTRvuGmcvG57DsgsFcN+YLvRvfpk3987qx7 E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhsFAHBeA1OtJV2Z/2dsb2JhbABZDoJ4OMAngRUWdIIlAQEBAwEBAQE1NgoBBQsLDgoJFg8JAwIBAgEVMAYNAQUCAgWHaAMJCA3DOB2HfxeMWCiCAQeEOAEDiUiOZIZHi1yCbl0e
X-IronPort-AV: E=Sophos;i="4.97,501,1389744000"; d="scan'208";a="304783875"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-7.cisco.com with ESMTP; 18 Feb 2014 13:23:20 +0000
Received: from [10.0.2.15] (rtp-mcgrew-8914.cisco.com [10.117.10.229]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s1IDNImB003303; Tue, 18 Feb 2014 13:23:19 GMT
Message-ID: <53035EC7.8010607@cisco.com>
Date: Tue, 18 Feb 2014 08:23:19 -0500
From: David McGrew <mcgrew@cisco.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C7372375D64@uxcn10-tdc06.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C7372375D64@uxcn10-tdc06.UoA.auckland.ac.nz>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/ggrgzxvf6W7KAw7WSo89JzU7zLE
Cc: "agl@imperialviolet.org" <agl@imperialviolet.org>, "nisse@lysator.liu.se" <nisse@lysator.liu.se>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Streaming AEAD
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2014 13:23:29 -0000
Hi Peter, On 02/18/2014 04:13 AM, Peter Gutmann wrote: > "Manger, James" <James.H.Manger@team.telstra.com> writes: > >> What is needed is a way to use an AEAD algorithm to secure a message in >> chunks. Streaming-AEAD would allow a recipient to know they have received an >> authentic prefix of a message. It would allow crypto APIs to support >> streaming modes while never returning unauthentic plaintext. > I think the means of doing this is going to be protocol-specific, since it > depends on the PDU format being used. I think that's right. It still makes sense to consider what should be going on above the AEAD layer, in a generic sense. > For things like SSL/TLS and SSH the > problem is already solved since data amounts are quantised to the protocol > data packet size, I hope that's right. I am not sure that SSL/TLS implementers would be comfortable if they could never use the decryptUpdate function though. > for store-and-forward protocols like PGP and S/MIME you'd > need to add a mechanism for it in a PGP/SMIME-specific manner, but then you'd > also need to figure out how to communicate it to the other side... and then > you're back to relying on ad-hoc mechanisms. > > When I had to do this years ago I used something like: > > len1 || data1 || h1 = HMAC( len1 || data1 ), > len2 || data2 || h2 = HMAC( h1 || len2 || data2 ), > len3 || data3 || h3 = HMAC( h2 || len3 || data3 ), > ... > > A length of 0 indicated end-of-contents. Interesting, is there a writeup? thanks, David > > Peter. > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg >
- Re: [Cfrg] Streaming AEAD Peter Gutmann
- [Cfrg] Streaming AEAD Manger, James
- Re: [Cfrg] Streaming AEAD David McGrew
- Re: [Cfrg] Streaming AEAD David McGrew
- Re: [Cfrg] Streaming AEAD Jean Paul Degabriele
- Re: [Cfrg] Streaming AEAD Manger, James
- Re: [Cfrg] Streaming AEAD Mridul Nandi
- Re: [Cfrg] Streaming AEAD David McGrew
- Re: [Cfrg] Streaming AEAD David McGrew
- Re: [Cfrg] Streaming AEAD David Jacobson