[Cfrg] Re: [saag] TCP-AO MAC algorithms
mcgrew <mcgrew@cisco.com> Thu, 20 December 2007 15:50 UTC
Return-path: <cfrg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J5Nfm-0001Ug-AL; Thu, 20 Dec 2007 10:50:58 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J5Nfk-0001RL-F2 for cfrg@ietf.org; Thu, 20 Dec 2007 10:50:56 -0500
Received: from rtp-iport-2.cisco.com ([64.102.122.149]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J5Nfj-0004B9-TE for cfrg@ietf.org; Thu, 20 Dec 2007 10:50:56 -0500
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-2.cisco.com with ESMTP; 20 Dec 2007 10:50:56 -0500
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id lBKFotGW004710; Thu, 20 Dec 2007 10:50:55 -0500
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id lBKFoagF014028; Thu, 20 Dec 2007 15:50:55 GMT
Received: from xmb-rtp-20c.amer.cisco.com ([64.102.31.57]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 20 Dec 2007 10:50:40 -0500
Received: from 10.32.254.210 ([10.32.254.210]) by xmb-rtp-20c.amer.cisco.com ([64.102.31.57]) with Microsoft Exchange Server HTTP-DAV ; Thu, 20 Dec 2007 15:50:29 +0000
User-Agent: Microsoft-Entourage/11.2.4.060510
Date: Thu, 20 Dec 2007 07:50:27 -0800
From: mcgrew <mcgrew@cisco.com>
To: Brian Weis <bew@cisco.com>
Message-ID: <C38FCF43.2F65%mcgrew@cisco.com>
Thread-Topic: [saag] TCP-AO MAC algorithms
Thread-Index: AchDIAo/SQgSTa8TEdyWUgAUUQnMFg==
In-Reply-To: <98FA6BE8-0825-41F6-8DAA-1A5706D974A9@cisco.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 20 Dec 2007 15:50:40.0029 (UTC) FILETIME=[120374D0:01C84320]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2437; t=1198165855; x=1199029855; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew@cisco.com; z=From:=20mcgrew=20<mcgrew@cisco.com> |Subject:=20Re=3A=20[saag]=20TCP-AO=20MAC=20algorithms |Sender:=20 |To:=20Brian=20Weis=20<bew@cisco.com>; bh=db5yKbeVVV4lKEPvRBXFGIk+0ika4jSDScmCbRTSXKk=; b=JOyrLJNdEkzXE37ydTR2kd8nqKdU2Ea5lfLaI4LLx/i0U6gCatjo5Fa8ND +9LFs2CY6+tW2ybrfPmoPtUjKbcx9V3GEIV47PPh2z/8ErbDRad/l+oq2yCO xWaIpi9qoR;
Authentication-Results: rtp-dkim-2; header.From=mcgrew@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
Cc: saag@mit.edu, cfrg@ietf.org
Subject: [Cfrg] Re: [saag] TCP-AO MAC algorithms
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org
Hi Brian, I've cross-posted to CFRG to tie the TCP Auth work in with draft-irtf-cfrg-fast-mac-requirements draft. On 12/18/07 4:23 PM, "Brian Weis" <bew@cisco.com> wrote: > Greetings, > > The TCPM WG seeks advice from SAAG on which MACs to include as > required MACs for the TCP Authentication Option (draft-ietf-tcpm-tcp- > auth-opt-00). Two MACs with differing internal constructions are > desired. I assume that the reason for having two mandatory-to-implement MACs is to ensure algorithm agility. > > In my opinion, it is also important that MACs defined by an Internet > standard as required to be implemented be based on NIST-approved > algorithms and modes, and also be generally available in both > software and cryptographic hardware. > > The following two MACs are reasonable recommendations that taken > together easily meet the above criteria: HMAC-SHA-1 and AES-CMAC. I > propose that these be the algorithms provided to the TCPM WG. > > Brian Sounds like reasonable choices to me. It would be good to have a MAC that performs exceptionally well in software, along the lines of what we've targeted in draft-irtf-cfrg-fast-mac-requirements, but if the choice of MACs has to be made *today*, there may not be a suitable candidate that has been sufficiently specified and/or reviewed. I expect that MACs that will be more suitable for use in TCP Authentication will be developed (candidates include [1] and [2]). I trust that there is a path for the adoption of new MACs in TCP Auth. Probably the biggest open question is the length of the MAC. The CMAC specification states that lengths 64 bits and higher are acceptable, but that smaller values "shall only be used in conjunction with a careful analysis of the risks" [1]. It would be good to do this analysis for TCP Auth, of course, but it is encouraging that AES-128-CMAC could be used with a 64-bit tag and still meet the conformance goals that you outlined. Best regards, David [1] J. Black and M. Cochran, "MAC Reforgeability", http://eprint.iacr.org/2006/095 [2] D.J. Bernstein, "Polynomial evaluation and message authentication", http://cr.yp.to/antiforgery/pema-20071022.pdf [3] M. Dworkin, NIST Special Publication 800-38B, "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication" http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf _______________________________________________ Cfrg mailing list Cfrg@ietf.org https://www1.ietf.org/mailman/listinfo/cfrg
- [Cfrg] Re: [saag] TCP-AO MAC algorithms mcgrew
- RE: [Cfrg] Re: [saag] TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [Cfrg] Re: [saag] TCP-AO MAC algorithms mcgrew
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- RE: [Cfrg] Re: [saag] TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen