Re: [Cfrg] Use of draft-mgcrew-aead-aes-cbc-hmac-sha2 with CMS

Mike Jones <Michael.Jones@microsoft.com> Sun, 17 March 2013 18:57 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, David McGrew <mcgrew@cisco.com>
Date: Sun, 17 Mar 2013 18:56:48 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436753BCBC@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <088401ce2330$fef84950$fce8dbf0$@augustcellars.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Use of draft-mgcrew-aead-aes-cbc-hmac-sha2 with CMS
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

In a private thread with David, there's a discussion about how the algorithm description in draft-mgcrew-aead-aes-cbc-hmac-sha2 could be refactored into:

1)  Requirements about the content of the key value.
2)  Requirements about the content of the initialization vector value.
3)  A deterministic function generating the ciphertext and integrity value from the plaintext, additional authenticated data, initialization vector, and key.
4)  An RFC 5116 encoding for the results of 1-3.

I believe, Jim, that you're saying that CMS would use 1-3, but a different encoding of the results than 4.  I believe that JSON Web Encryption (JWE) would also want to use 1-3 but not 4.

Anyway, I think this is a really useful discussion and one that could result in the algorithm being used in more contexts.  Thanks for your thoughts, Jim.

-- Mike

From: cfrg-bounces@irtf.org [mailto:cfrg-bounces@irtf.org] On Behalf Of Jim Schaad
Sent: Sunday, March 17, 2013 10:01 AM
To: David McGrew
Cc: cfrg@irtf.org
Subject: [Cfrg] Use of draft-mgcrew-aead-aes-cbc-hmac-sha2 with CMS

David,

If I were to assume that I wanted to use your draft rather than RFC 6476 (Using Message Authentication Code (MAC) Encryption in the Cryptographic Message Syntax (CMS)) in a CMS context with the AEAD structures defined in RFC 5038, I believe that I would have a problem.  Specifically, the current CMS structure assumes that the IV and the authentication tag are kept separate.

I have no objections to the fact that a long key is used and the fact that the MAC cannot be truncated.  However, the fact that the IV and the tag MUST be part of the encryption stream is difficult.

I do however 100% agree that the IV MUST be included in the tag computation.

Jim
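The split Mike describes above (steps 1-3 as a deterministic function, step 4 as a separate encoding) together with Jim's requirement that the IV and tag be carried separately yet the IV still be authenticated, as an added example written for this thread; it is not code from the draft or from either author. It assumes the AEAD_AES_128_CBC_HMAC_SHA_256 sizes and the MAC input order A || IV || S || AL that JWE later fixed in RFC 7518, so the draft revision under discussion may differ in those details; CoreEncrypt and CoreDecrypt return and accept the IV, ciphertext and tag as separate values (the CMS shape), and Encode5116 is the single-string encoding of step 4.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// AEAD_AES_128_CBC_HMAC_SHA_256 sizes, assumed from the later JWE profile (RFC 7518): 32-byte K, MAC_KEY = K[:16], ENC_KEY = K[16:], 16-byte T.
const keyLen, halfLen, tagLen = 32, 16, 16
// T = HMAC-SHA-256(MAC_KEY, A || IV || S || AL)[:16]; AL is the bit length of A as a 64-bit big-endian integer, so the IV is authenticated wherever it is carried.
func computeTag(macKey, aad, iv, s []byte) []byte {
	al := make([]byte, 8); binary.BigEndian.PutUint64(al, uint64(len(aad))*8)
	h := hmac.New(sha256.New, macKey)
	h.Write(aad); h.Write(iv); h.Write(s); h.Write(al)
	return h.Sum(nil)[:tagLen]
}
// Steps 1-3: deterministic (K, IV, A, P) -> (S, T). Nothing here fixes how S and T are carried.
func CoreEncrypt(key, iv, aad, plaintext []byte) ([]byte, []byte, error) {
	if len(key) != keyLen || len(iv) != aes.BlockSize { return nil, nil, errors.New("bad key or IV length") }
	block, _ := aes.NewCipher(key[halfLen:]) // ENC_KEY; its length was validated above
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7 padding, always 1..16 bytes
	ct := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, ct)
	return ct, computeTag(key[:halfLen], aad, iv, ct), nil
}
// Inverse with IV, S and T supplied separately (the CMS shape); T is checked before S is touched.
func CoreDecrypt(key, iv, aad, ct, tag []byte) ([]byte, error) {
	if len(key) != keyLen || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 { return nil, errors.New("bad lengths") }
	if !hmac.Equal(tag, computeTag(key[:halfLen], aad, iv, ct)) { return nil, errors.New("authentication failed") }
	block, _ := aes.NewCipher(key[halfLen:])
	p := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(p, ct)
	n := int(p[len(p)-1]) // strip PKCS#7 padding, rejecting malformed values
	if n == 0 || n > aes.BlockSize || !bytes.Equal(p[len(p)-n:], bytes.Repeat([]byte{byte(n)}, n)) { return nil, errors.New("bad padding") }
	return p[:len(p)-n], nil
}

// Step 4: the single RFC 5116 ciphertext string IV || S || T, which CMS and JWE would not use.
func Encode5116(iv, ct, tag []byte) []byte { return append(append(append([]byte{}, iv...), ct...), tag...) }

func main() { // stand-alone self-check on constructed inputs
	k, iv, a := bytes.Repeat([]byte{1}, keyLen), bytes.Repeat([]byte{2}, aes.BlockSize), []byte("hdr")
	s, t, _ := CoreEncrypt(k, iv, a, []byte("hello"))
	if p, err := CoreDecrypt(k, iv, a, s, t); err != nil || string(p) != "hello" { panic("roundtrip failed") }
}
```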