[Cfrg] Re: Comments on SIV and draft-dharkins-siv-aes-00
mcgrew <mcgrew@cisco.com> Tue, 23 October 2007 21:54 UTC
Date: Tue, 23 Oct 2007 14:53:36 -0700
From: mcgrew <mcgrew@cisco.com>
To: Dan Harkins <dharkins@lounge.org>
Message-ID: <C343BB70.1A93%mcgrew@cisco.com>
Thread-Topic: Comments on SIV and draft-dharkins-siv-aes-00
In-Reply-To: <38964.69.12.173.8.1193029634.squirrel@www.trepanning.net>
Cc: cfrg@ietf.org
Hi Dan,

On 10/21/07 10:07 PM, "Dan Harkins" <dharkins@lounge.org> wrote:

> Hi David,
>
> I think my response to your key derivation comment was wrong.
>
> On Thu, October 18, 2007 1:41 pm, mcgrew wrote:
> [snip]
>> For the key derivation application (Section 1.3.3), what would the SIV
>> plaintext input be equal to? Would it be omitted?
>>
>> Also, I would guess that SIV-based key derivation would only be
>> appropriate for deriving keys from a given key, and that it may not be
>> suitable for use in deriving keys from data that is unpredictable but
>> not uniformly random, as is used e.g. in Diffie-Hellman. At least, I
>> believe that this is outside of the scope of what is claimed in the
>> security analysis, and it would make sense to document that (after
>> verifying with Phil and Tom).
>
> As I mentioned, there is no plaintext since it's S2V that's doing the
> key derivation, but I let that cause me to misinterpret your subsequent
> comment. S2V requires a key, and if that key is not uniformly random I do
> believe that it would be inappropriate to use.
>
> I'll verify with Phil and Tom and most likely come up with some text
> to address this.
>
> Sorry for the brush off. I read one comment and let that cloud my
> response to another.
>
> Dan.

Not a problem, thanks for clarifying.

David
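Added worked example (editor's code, not part of this message, the draft, or either author's work): S2V with AES-CMAC in Go, following the construction as published in RFC 5297 (the RFC that draft-dharkins-siv-aes became), with AES-CMAC built directly on crypto/aes and checked against the RFC 5297 Appendix A.1 S2V vector, plus a deriveKey routine that runs S2V over labels only, with no plaintext input, which is the key-derivation use Dan describes above. The (label, context, counter) layout, the label strings and the master key value are this example's own assumptions, not anything the draft specifies. It carries the thread's caveat as a precondition: the key handed to s2v is assumed to be uniformly random, so a raw Diffie-Hellman shared secret is not a suitable input.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

const bs = 16 // AES block size

// dbl multiplies by x in GF(2^128), as in RFC 4493 subkeys and RFC 5297 S2V.
func dbl(in []byte) []byte {
	out := make([]byte, bs)
	var carry byte
	for i := bs - 1; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if carry != 0 {
		out[bs-1] ^= 0x87
	}
	return out
}

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// cmacAES is AES-CMAC (RFC 4493) built on crypto/aes; key is 16, 24 or 32 bytes.
func cmacAES(key, msg []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	l := make([]byte, bs)
	c.Encrypt(l, l) // L = E_K(0^128)
	k1, k2 := dbl(l), dbl(dbl(l))
	n := 1 + (len(msg)-1)/bs // block count; an empty message is one padded block
	last := make([]byte, bs)
	copy(last, msg[(n-1)*bs:])
	if len(msg) > 0 && len(msg)%bs == 0 {
		last = xor(last, k1) // complete final block
	} else {
		last[len(msg)-(n-1)*bs] = 0x80 // 10* padding, then K2
		last = xor(last, k2)
	}
	x := make([]byte, bs)
	for i := 0; i < n-1; i++ {
		c.Encrypt(x, xor(x, msg[i*bs:(i+1)*bs]))
	}
	c.Encrypt(x, xor(x, last))
	return x
}

// s2v is S2V (RFC 5297 Section 2.4) with AES-CMAC as the PRF. For key
// derivation the vector holds only labels: there is no plaintext input.
func s2v(key []byte, parts ...[]byte) []byte {
	if len(parts) == 0 {
		return cmacAES(key, append(make([]byte, bs-1), 1)) // CMAC(<one>)
	}
	d := cmacAES(key, make([]byte, bs)) // CMAC(<zero>)
	for _, s := range parts[:len(parts)-1] {
		d = xor(dbl(d), cmacAES(key, s))
	}
	last := parts[len(parts)-1]
	if len(last) >= bs { // xorend: XOR D into the final 16 bytes of the last string
		t := append([]byte(nil), last...)
		copy(t[len(t)-bs:], xor(t[len(t)-bs:], d))
		return cmacAES(key, t)
	}
	t := make([]byte, bs) // short last string: pad with 10*, XOR with dbl(D)
	copy(t, last)
	t[len(last)] = 0x80
	return cmacAES(key, xor(dbl(d), t))
}

// deriveKey runs S2V over (label, context, counter) under master with no plaintext.
// The layout is this example's own convention, not the draft's. As the thread notes,
// master is assumed uniformly random; a raw DH shared secret does not qualify.
func deriveKey(master []byte, label, context string, outLen int) []byte {
	var out []byte
	for ctr := byte(1); len(out) < outLen; ctr++ {
		out = append(out, s2v(master, []byte(label), []byte(context), []byte{ctr})...)
	}
	return out[:outLen]
}

func main() {
	key, _ := hex.DecodeString("fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0") // RFC 5297 A.1 S2V key (first half of the SIV key)
	ad, _ := hex.DecodeString("101112131415161718191a1b1c1d1e1f2021222324252627")
	pt, _ := hex.DecodeString("112233445566778899aabbccddee")
	fmt.Printf("S2V = %x (RFC 5297 A.1: 85632d07c6e8f37f950acd320a2ecc93)\n", s2v(key, ad, pt))
	master, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f") // constructed, assumed uniform
	fmt.Printf("enc = %x\nmac = %x\n", deriveKey(master, "example/encrypt", "session-42", 32), deriveKey(master, "example/mac", "session-42", 32))
}
```

Run with go run; the first line should print 85632d07c6e8f37f950acd320a2ecc93, which is the S2V output the RFC trace reaches via CMAC(zero), dbl, XOR with CMAC(ad), dbl, XOR with the padded plaintext, and a final CMAC. The two derived keys differ only in their label, which is what keeps them independent under the same master key; nothing in the code can check that master is actually uniform, so that property has to come from wherever the key was generated.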