Re: [Cfrg] GCM nonce reuse question

Russ Housley <housley@vigilsec.com> Tue, 02 April 2013 19:53 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <3727A8A4-FA6E-4EC2-859C-C1C40E98108E@ve7jtb.com>
Date: Tue, 02 Apr 2013 15:53:04 -0400
Message-Id: <489782CF-0C9F-4DFE-A82D-087247209933@vigilsec.com>
References: <006a01ce2b3c$8f0d03b0$ad270b10$@augustcellars.com> <747787E65E3FBD4E93F0EB2F14DB556B183EF2E3@xmb-rcd-x04.cisco.com> <4E1F6AAD24975D4BA5B1680429673943675A0978@TK5EX14MBXC283.redmond.corp.microsoft.com> <004e01ce2fb9$74979730$5dc6c590$@augustcellars.com> <4EC6AC2C-8EE6-4433-8302-E884DD0B3C06@ve7jtb.com> <6BDAB42A-B894-40E7-ADB9-4DB4337A73EE@vigilsec.com> <3727A8A4-FA6E-4EC2-859C-C1C40E98108E@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: IRTF CFRG <cfrg@irtf.org>
Subject: Re: [Cfrg] GCM nonce reuse question
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>

John:

> In CMS the recipient-info values are not normally integrity protected.

Indeed.  If the things that are carried here are altered, then one of two things happens: (1) a value needed to compute the proper key is altered, which prevents the decrypt from working at all; or (2) a value for the recipient to locate their portion of the recipient information is altered, which prevents the intended recipient from decrypting the content.  In either case, the recipient is not fooled into accepting anything that is surprising to the sender.

Russ
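A worked illustration of the two failure modes Russ describes, added here as an example; it is not code from the original message or from any CMS implementation. It is a Go sketch of the recipient-side logic: RFC 3394 AES Key Wrap carries the content-encryption key (CEK) to each recipient, the content itself is protected with AES-GCM, and the per-recipient data (a key identifier plus the wrapped CEK) is carried without any integrity protection, as in CMS. The type and function names, the key identifiers and all keys are constructed for the demonstration, and CMS's ASN.1 structures are not modelled. Altering the wrapped CEK trips the key-wrap integrity check (and a wrong CEK would in any case fail the GCM tag); altering the key identifier leaves the recipient with no entry to work from. Neither path hands the recipient a plaintext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// RFC 3394 AES Key Wrap, which CMS uses to carry a CEK to a recipient. Unwrap checks
// the recovered default IV, so an altered wrapped key is rejected, not mis-unwrapped.
var rfc3394IV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

func aesKeyWrap(kek, plain []byte) ([]byte, error) {
	blk, err := aes.NewCipher(kek)
	if err != nil || len(plain) < 16 || len(plain)%8 != 0 {
		return nil, errors.New("key wrap: bad KEK or plaintext length")
	}
	n, r, b := len(plain)/8, append(append([]byte(nil), rfc3394IV...), plain...), make([]byte, 16) // r[:8] is A, r[8i:8i+8] is R[i]
	for j := 0; j < 6; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], r[:8])
			copy(b[8:], r[i*8:i*8+8])
			blk.Encrypt(b, b)
			binary.BigEndian.PutUint64(r[:8], binary.BigEndian.Uint64(b[:8])^uint64(n*j+i))
			copy(r[i*8:i*8+8], b[8:])
		}
	}
	return r, nil
}

// aesKeyUnwrap inverts aesKeyWrap and fails unless the recovered IV is intact.
func aesKeyUnwrap(kek, wrapped []byte) ([]byte, error) {
	blk, err := aes.NewCipher(kek)
	if err != nil || len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("key unwrap: bad KEK or ciphertext length")
	}
	n, r, b := len(wrapped)/8-1, append([]byte(nil), wrapped...), make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			binary.BigEndian.PutUint64(b[:8], binary.BigEndian.Uint64(r[:8])^uint64(n*j+i))
			copy(b[8:], r[i*8:i*8+8])
			blk.Decrypt(b, b)
			copy(r[:8], b[:8])
			copy(r[i*8:i*8+8], b[8:])
		}
	}
	if !bytes.Equal(r[:8], rfc3394IV) {
		return nil, errors.New("key unwrap: integrity check failed")
	}
	return r[8:], nil
}

// recipientInfo is the unprotected per-recipient data, as in a CMS RecipientInfo:
// the identifier a recipient uses to find its entry, and the CEK wrapped under its KEK.
type recipientInfo struct{ KeyID string; WrappedCEK []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// sealForRecipients is the sender side: AES-GCM over the content under cek, plus one
// wrapped copy of cek per recipient (keks maps key identifier -> that recipient's KEK).
func sealForRecipients(plaintext, cek, nonce []byte, keks map[string][]byte) ([]recipientInfo, []byte, error) {
	var infos []recipientInfo
	for kid, kek := range keks {
		w, err := aesKeyWrap(kek, cek)
		if err != nil {
			return nil, nil, err
		}
		infos = append(infos, recipientInfo{kid, w})
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, nil, err
	}
	return infos, gcm.Seal(nil, nonce, plaintext, nil), nil
}

// openForRecipient is the recipient side: find our entry, unwrap the CEK, then let
// GCM authenticate the content. Every failure path returns an error and no plaintext.
func openForRecipient(infos []recipientInfo, kid string, kek, nonce, ct []byte) ([]byte, error) {
	for _, ri := range infos {
		if ri.KeyID == kid {
			cek, err := aesKeyUnwrap(kek, ri.WrappedCEK)
			if err != nil {
				return nil, err // case (1): an altered wrapped CEK fails the RFC 3394 check
			}
			gcm, err := newGCM(cek)
			if err != nil {
				return nil, err
			}
			return gcm.Open(nil, nonce, ct, nil) // a wrong CEK would still fail the GCM tag
		}
	}
	return nil, errors.New("no recipient entry matches this key identifier") // case (2)
}
```

A real sender draws a fresh random CEK and nonce for every message; fixed values belong only in a deterministic test of this sketch. The key-wrap routine can be checked against the test vector in RFC 3394 section 4.1 (KEK 00..0F, key 00 11 22 .. FF).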