Re: [Cfrg] Request For Comments: OCB Internet-Draft

"Blumenthal, Uri - 0668 - MITLL" <uri@ll.mit.edu> Fri, 15 July 2011 16:19 UTC

From: "Blumenthal, Uri - 0668 - MITLL" <uri@ll.mit.edu>
To: "'paul.hoffman@vpnc.org'" <paul.hoffman@vpnc.org>, "'ted@krovetz.net'" <ted@krovetz.net>
Date: Fri, 15 Jul 2011 12:19:44 -0400
Cc: "'cfrg@irtf.org'" <cfrg@irtf.org>

Ted, I think you can be rather more specific. 

--
Regards,
Uri

----- Original Message -----
From: Paul Hoffman [mailto:paul.hoffman@vpnc.org]
Sent: Friday, July 15, 2011 11:35 AM
To: Ted Krovetz <ted@krovetz.net>
Cc: cfrg@irtf.org <cfrg@irtf.org>
Subject: Re: [Cfrg] Request For Comments: OCB Internet-Draft

On Jul 15, 2011, at 8:04 AM, Ted Krovetz wrote:

> In the ID we point out that if a nonce is reused during encryption, "partial information about past plaintexts will be revealed and subsequent forgeries will be possible". That seems specific enough for an RFC, don't you think?

If you know how "partial" that is, it would be useful for the draft. One repetition exposing one bit of a past plaintext is quite different than one repetition exposing half the bits, even though both are bad. Also, knowing what more two repetitions brings the attacker over one repetition is useful from an operational standpoint.

--Paul Hoffman

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg
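The exchange above turns on exactly how "partial" the leakage is when an OCB nonce repeats, and what forgery becomes possible. The following is an added example, not code from the draft or from its authors: it implements the OCB3 mode structure as later specified in RFC 7253 (the RFC this draft became), but over a stand-in 128-bit Feistel permutation built on SHA-256 instead of AES, an assumption made so it runs offline with the standard library only (its outputs are therefore not interoperable with real OCB; the nonce-reuse behaviour shown is a property of the mode and does not depend on the cipher). The key, nonces and plaintexts are constructed. It shows the three concrete consequences of a repeat that follow from the construction: equal full plaintext blocks at the same position yield equal ciphertext blocks (block-level equality leaks, as in ECB across the two messages), the partial final block is a stream-cipher pad keyed only by (K, N) so the XOR of the two final fragments is exposed, and because the authentication checksum is the XOR of plaintext blocks, an attacker who obtained two chosen plaintexts under one nonce can rearrange harvested ciphertext blocks into a never-sent message that carries a valid observed tag.

```python
# Added example: OCB3 per RFC 7253 over a stand-in SHA-256 Feistel block cipher.
import hashlib
import hmac

BLOCK = 16
MASK128 = (1 << 128) - 1


def _feistel(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Stand-in 128-bit block cipher (NOT AES): 8-round balanced Feistel network
    with a SHA-256 round function. Any Feistel network is a permutation."""
    l, r = int.from_bytes(block[:8], "big"), int.from_bytes(block[8:], "big")
    f = lambda i, x: int.from_bytes(
        hashlib.sha256(key + bytes([i]) + x.to_bytes(8, "big")).digest()[:8], "big")
    if decrypt:
        for i in range(7, -1, -1):
            l, r = r ^ f(i, l), l
    else:
        for i in range(8):
            l, r = r, l ^ f(i, r)
    return l.to_bytes(8, "big") + r.to_bytes(8, "big")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _double(s: bytes) -> bytes:  # multiply by x in GF(2^128), RFC 7253 Section 2
    n = int.from_bytes(s, "big")
    return (((n << 1) & MASK128) ^ (0x87 if n >> 127 else 0)).to_bytes(BLOCK, "big")


def _ntz(i: int) -> int:  # number of trailing zero bits of i
    return (i & -i).bit_length() - 1


def _pad(tail: bytes) -> bytes:  # tail || 1 || 0*  (10* padding to one block)
    return tail + b"\x80" + bytes(BLOCK - len(tail) - 1)


def _hash(key, ad, L, L_star):
    """HASH(K, A) from RFC 7253 Section 4.1: PMAC-style digest of associated data."""
    s, offset = bytes(BLOCK), bytes(BLOCK)
    for i in range(1, len(ad) // BLOCK + 1):
        while len(L) <= _ntz(i):
            L.append(_double(L[-1]))
        offset = _xor(offset, L[_ntz(i)])
        s = _xor(s, _feistel(key, _xor(ad[(i - 1) * BLOCK:i * BLOCK], offset)))
    tail = ad[len(ad) // BLOCK * BLOCK:]
    if tail:
        s = _xor(s, _feistel(key, _xor(_pad(tail), _xor(offset, L_star))))
    return s


def _ocb(key, nonce, data, ad, decrypt):
    """OCB3 core (RFC 7253 Section 4.2/4.3), 128-bit tag, nonce of <= 15 bytes."""
    assert len(nonce) <= 15
    L_star = _feistel(key, bytes(BLOCK))
    L_dollar = _double(L_star)
    L = [_double(L_dollar)]                      # L_0, extended on demand
    n = b"\x00" + bytes(14 - len(nonce)) + b"\x01" + nonce   # TAGLEN mod 128 = 0
    bottom = n[-1] & 0x3F
    ktop = _feistel(key, n[:15] + bytes([n[15] & 0xC0]))
    stretch = int.from_bytes(ktop + _xor(ktop[:8], ktop[1:9]), "big")
    offset = ((stretch >> (64 - bottom)) & MASK128).to_bytes(BLOCK, "big")
    checksum, out = bytes(BLOCK), b""
    for i in range(1, len(data) // BLOCK + 1):
        while len(L) <= _ntz(i):
            L.append(_double(L[-1]))
        offset = _xor(offset, L[_ntz(i)])        # Offset_i depends only on (K, N)
        blk = data[(i - 1) * BLOCK:i * BLOCK]
        o = _xor(offset, _feistel(key, _xor(blk, offset), decrypt))
        out += o
        checksum = _xor(checksum, o if decrypt else blk)   # XOR of plaintext blocks
    tail = data[len(data) // BLOCK * BLOCK:]
    if tail:  # partial final block: XOR with Pad = E_K(Offset_*), keyed only by (K, N)
        offset = _xor(offset, L_star)
        o = _xor(tail, _feistel(key, offset)[:len(tail)])
        out += o
        checksum = _xor(checksum, _pad(o if decrypt else tail))
    tag = _xor(_feistel(key, _xor(_xor(checksum, offset), L_dollar)), _hash(key, ad, L, L_star))
    return out, tag


def ocb_encrypt(key, nonce, plaintext, ad=b""):
    return _ocb(key, nonce, plaintext, ad, decrypt=False)


def ocb_decrypt(key, nonce, ciphertext, tag, ad=b""):
    pt, expect = _ocb(key, nonce, ciphertext, ad, decrypt=True)
    return pt if hmac.compare_digest(expect, tag) else None


def nonce_reuse_leaks(key, nonce, p1, p2):
    """Two messages under one nonce: returns the positions whose full blocks are
    equal (leaked via equal ciphertext blocks) and the XOR of the two ciphertext
    tails, which equals the XOR of the two plaintext tails when both messages
    have the same number of full blocks (the pad is identical)."""
    c1, _ = ocb_encrypt(key, nonce, p1)
    c2, _ = ocb_encrypt(key, nonce, p2)
    m = min(len(p1), len(p2)) // BLOCK
    equal = [i for i in range(m) if c1[i * BLOCK:(i + 1) * BLOCK] == c2[i * BLOCK:(i + 1) * BLOCK]]
    return equal, _xor(c1[len(p1) // BLOCK * BLOCK:], c2[len(p2) // BLOCK * BLOCK:])


def forge_by_block_mixing(key, nonce):
    """Chosen-plaintext forgery under nonce reuse: A||B||C and B||A||D share the
    XOR checksum only if rearranged, so harvest position-1/2 blocks from the
    second ciphertext and position-3 from the first: B||A||C was never sent,
    yet its checksum equals message 1's, so message 1's tag verifies it."""
    A, B, C, D = (bytes([b]) * BLOCK for b in b"ABCD")   # constructed blocks
    c1, t1 = ocb_encrypt(key, nonce, A + B + C)
    c2, _ = ocb_encrypt(key, nonce, B + A + D)
    forged = c2[:2 * BLOCK] + c1[2 * BLOCK:]
    return forged, t1, ocb_decrypt(key, nonce, forged, t1)
```

With a fresh nonce per message none of this applies: Offset_0 changes with the nonce, so equal plaintext blocks encrypt differently across messages and harvested blocks do not line up. The forgery needs only two chosen plaintexts under one repeated nonce; it does not extend to positions beyond the observed messages because the offsets for those positions were never exercised, which is the sense in which the damage is "partial".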