Re: [Cfrg] New Version Notification for draft-mcgrew-aead-aes-cbc-hmac-sha2-03.txt
David McGrew <mcgrew@cisco.com> Fri, 14 February 2014 11:06 UTC
To: Watson Ladd <watsonbladd@gmail.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Message-ID: <52FDF88F.3040209@cisco.com>
In-Reply-To: <CACsn0ckjNvq1=k3krVt9sK6fCtWwCv+8XkJWJiqxn-Qg=1Rq_g@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/u3Q2JZGCfvCfnf9fTkMA8l_MZK4
On 02/13/2014 08:44 PM, Watson Ladd wrote:
> On Thu, Feb 13, 2014 at 4:49 PM, David McGrew <mcgrew@cisco.com> wrote:
>
>> Hi,
>>
>> the latest version of this draft is out. Thanks are due to Jim Schaad
>> and Rob Napier for their feedback on version 02.
>>
>> The goals of this draft are to provide an authenticated encryption
>> scheme suitable for use in those cases where CBC and HMAC are
>> available, but no dedicated AE schemes are available. Also, it doesn't
>> require deterministic nonces, which itself is useful in some situations.
>>
>> It might be nice to add a description of how IVs can be pseudorandomly
>> generated. It would be especially useful to generate the IV using the
>> same key as used for encryption, with an unpredictable counter, or
>> something like that. Is anyone aware of a security proof that could be
>> cited for that sort of technique? I think that some systems would have
>> a much easier time maintaining a counter than they would generating
>> truly random IVs, which is reasonable motivation in my opinion. Glad to
>> hear other thoughts on this subject.
>
> Doesn't the usual PRF definition give you exactly this?

Yes; the only tricky bit is showing that using the CBC encryption key to
generate pseudorandom IVs doesn't affect CBC encryption security. I'm sure
that it can be done securely, but I don't know of a proof of security (for
using a single key for both CBC and to generate IVs) that I can point to.

David

>> David
>>
>> --
>>
>> A new version of I-D, draft-mcgrew-aead-aes-cbc-hmac-sha2-03.txt
>> has been successfully submitted by David McGrew and posted to the
>> IETF repository.
>>
>> Name:          draft-mcgrew-aead-aes-cbc-hmac-sha2
>> Revision:      03
>> Title:         Authenticated Encryption with AES-CBC and HMAC-SHA
>> Document date: 2014-02-13
>> Group:         Individual Submission
>> Pages:         29
>> URL:      http://www.ietf.org/internet-drafts/draft-mcgrew-aead-aes-cbc-hmac-sha2-03.txt
>> Status:   https://datatracker.ietf.org/doc/draft-mcgrew-aead-aes-cbc-hmac-sha2/
>> Htmlized: http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-03
>> Diff:     http://www.ietf.org/rfcdiff?url2=draft-mcgrew-aead-aes-cbc-hmac-sha2-03
>>
>> Abstract:
>>    This document specifies algorithms for authenticated encryption with
>>    associated data (AEAD) that are based on the composition of the
>>    Advanced Encryption Standard (AES) in the Cipher Block Chaining (CBC)
>>    mode of operation for encryption, and the HMAC-SHA message
>>    authentication code (MAC).
>>
>>    These are randomized encryption algorithms, and thus are suitable for
>>    use with applications that cannot provide distinct nonces to each
>>    invocation of the AEAD encrypt operation.
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> http://www.irtf.org/mailman/listinfo/cfrg
>
> --
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither Liberty nor Safety."
> -- Benjamin Franklin
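Added worked example (editor's code, not the draft's text or the author's): the encrypt-then-MAC composition the draft describes, written out for the AEAD_AES_128_CBC_HMAC_SHA_256 variant as version 03 lays it out (K = MAC_KEY || ENC_KEY, 16 bytes each; output IV || S || T; T is HMAC-SHA-256 over A || IV || S || AL truncated to 16 bytes, AL being the bit length of A as a 64-bit big-endian integer), together with the counter-driven IV generation discussed in the reply above. Assumptions made here and not in the draft: the names Seal, Open and CounterIV and the interface where the caller supplies the IV are this example's; CounterIV applies AES as a PRF to the counter under a third key (ivKey) distinct from ENC_KEY, which deliberately sidesteps the single-key case the message says has no citable proof; keys, associated data and plaintext are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// AEAD_AES_128_CBC_HMAC_SHA_256 (draft -03 layout): C = IV || S || T, S = AES-CBC(ENC_KEY, IV,
// PKCS7(P)), T = HMAC-SHA-256(MAC_KEY, A || IV || S || AL)[:16], AL = bit length of A, 64-bit BE.
const keyLen, tagLen = 32, 16 // K = MAC_KEY(16) || ENC_KEY(16); T truncated to 16 bytes

var errAuth = errors.New("aead: authentication failed")

func pkcs7Pad(p []byte) []byte {
	n := aes.BlockSize - len(p)%aes.BlockSize
	return append(append([]byte{}, p...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad assumes len(p) is a non-zero multiple of the block size (Open checks that).
func pkcs7Unpad(p []byte) ([]byte, error) {
	n := int(p[len(p)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(p[len(p)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errAuth
	}
	return p[:len(p)-n], nil
}

func computeTag(macKey, a, iv, s []byte) []byte {
	al := make([]byte, 8)
	binary.BigEndian.PutUint64(al, uint64(len(a))*8)
	m := hmac.New(sha256.New, macKey)
	m.Write(a)
	m.Write(iv)
	m.Write(s)
	m.Write(al)
	return m.Sum(nil)[:tagLen]
}

// Seal takes the IV from the caller (a choice made here, not the draft's interface).
func Seal(key, iv, a, p []byte) ([]byte, error) {
	if len(key) != keyLen || len(iv) != aes.BlockSize {
		return nil, errors.New("aead: bad key or IV length")
	}
	blk, err := aes.NewCipher(key[16:])
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(p)
	s := make([]byte, len(padded))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(s, padded)
	c := append(append(make([]byte, 0, len(iv)+len(s)+tagLen), iv...), s...)
	return append(c, computeTag(key[:16], a, iv, s)...), nil
}

// Open verifies the tag in constant time before any decryption or unpadding.
func Open(key, a, c []byte) ([]byte, error) {
	if len(key) != keyLen || len(c) < 2*aes.BlockSize+tagLen || (len(c)-aes.BlockSize-tagLen)%aes.BlockSize != 0 {
		return nil, errAuth
	}
	iv, s, t := c[:aes.BlockSize], c[aes.BlockSize:len(c)-tagLen], c[len(c)-tagLen:]
	if !hmac.Equal(t, computeTag(key[:16], a, iv, s)) {
		return nil, errAuth
	}
	blk, err := aes.NewCipher(key[16:])
	if err != nil {
		return nil, err
	}
	padded := make([]byte, len(s))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(padded, s)
	return pkcs7Unpad(padded)
}

// CounterIV derives IV = AES(ivKey, counter), i.e. a PRF applied to a counter, under a
// key separate from ENC_KEY (assumed available); reusing ENC_KEY is the unproven case.
func CounterIV(ivKey []byte, counter uint64) ([]byte, error) {
	blk, err := aes.NewCipher(ivKey)
	if err != nil {
		return nil, err
	}
	in := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(in[8:], counter)
	iv := make([]byte, aes.BlockSize)
	blk.Encrypt(iv, in)
	return iv, nil
}

func main() {
	key, ivKey := bytes.Repeat([]byte{0x42}, keyLen), bytes.Repeat([]byte{0x24}, 16) // constructed keys
	iv, _ := CounterIV(ivKey, 1)
	c, _ := Seal(key, iv, []byte("hdr"), []byte("constructed plaintext"))
	p, err := Open(key, []byte("hdr"), c)
	fmt.Printf("%q %v\n", p, err)
}
```

Two points worth noting. Open rejects malformed lengths and a bad tag before it touches the ciphertext, so a padding failure is never observable separately from a MAC failure, which is the property the encrypt-then-MAC ordering buys. CounterIV gives a distinct, unpredictable IV per counter value without a random source, but it requires that the counter never repeat under the same ivKey; a repeated counter reuses an IV, which is exactly what CBC must avoid.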