Re: [Cfrg] Authenticated Encryption with AES-CBC and HMAC-SHA, version 01

Russ Housley <housley@vigilsec.com> Sun, 18 November 2012 12:45 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8937721F84C0 for <cfrg@ietfa.amsl.com>; Sun, 18 Nov 2012 04:45:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Level:
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5A9yz8A2dt5 for <cfrg@ietfa.amsl.com>; Sun, 18 Nov 2012 04:45:39 -0800 (PST)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id 71B1321F84B9 for <cfrg@irtf.org>; Sun, 18 Nov 2012 04:45:39 -0800 (PST)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id 85BFA9A4006; Sun, 18 Nov 2012 07:45:44 -0500 (EST)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id TjBKGZGNrKKm; Sun, 18 Nov 2012 07:45:33 -0500 (EST)
Received: from [5.5.33.15] (vpn.snozzages.com [204.194.22.7]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id AAA919A4002; Sun, 18 Nov 2012 07:45:37 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary=Apple-Mail-91--874108683
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943668B026C@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Sun, 18 Nov 2012 07:45:29 -0500
Message-Id: <FE2BC73F-41FA-4B5B-900C-117749CEEBAC@vigilsec.com>
References: <747787E65E3FBD4E93F0EB2F14DB556B0F50A96C@xmb-rcd-x04.cisco.com> <4E1F6AAD24975D4BA5B1680429673943668B026C@TK5EX14MBXC283.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1085)
Cc: IRTF CFRG <cfrg@irtf.org>, jose@ietf.org
Subject: Re: [Cfrg] Authenticated Encryption with AES-CBC and HMAC-SHA, version 01
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Nov 2012 12:45:40 -0000

Have you looked at the algorithm in RFC 6476?  While the discussion is CMS-specific, the algorithm could be used with another syntax.

Russ


On Nov 12, 2012, at 1:55 PM, Mike Jones wrote:

> As background, if there was a version of this spec that did not assume that the parameters would be concatenated together in a specific way, but left them as independent inputs and outputs, as AES GCM and AES CTR do, it would be a better match for JOSE’s use case.
>  
>                                                             -- Mike
>  
> From: cfrg-bounces@irtf.org [mailto:cfrg-bounces@irtf.org] On Behalf Of David McGrew (mcgrew)
> Sent: Monday, November 12, 2012 10:21 AM
> To: cfrg@irtf.org; jose@ietf.org
> Subject: [Cfrg] Authenticated Encryption with AES-CBC and HMAC-SHA, version 01
>  
> Hi,
>  
> There is a new version of "Authenticated Encryption with AES-CBC and HMAC-SHA", and I would appreciate your review.   It is online at <https://datatracker.ietf.org/doc/draft-mcgrew-aead-aes-cbc-hmac-sha2/?include_text=1>   The diff between the current and the previous version is available at <http://www.ietf.org/rfcdiff?url2=draft-mcgrew-aead-aes-cbc-hmac-sha2-01>
>  
> This draft has been proposed for use in the JOSE WG <http://datatracker.ietf.org/wg/jose/> , where its adoption would allow the working group to omit "raw" unauthenticated encryption, e.g. AES-CBC, and only include authenticated encryption.   Thus I am asking for your help in making 
>  
> John Foley generated test cases that correspond to the current version of the draft, but I didn't include these in the draft because I did not yet get confirmation from a second independent implementation.   With hope, there will not be any need for any normative changes, and I will include these after I get confirmation.  
>  
> Thanks,
>  
> David
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg