Re: [cicm] comments on CICM
"David A. McGrew" <david.a.mcgrew@mindspring.com> Wed, 03 August 2011 18:15 UTC
Return-Path: <david.a.mcgrew@mindspring.com>
X-Original-To: cicm@ietfa.amsl.com
Delivered-To: cicm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6CF921F8A57 for <cicm@ietfa.amsl.com>; Wed, 3 Aug 2011 11:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.452
X-Spam-Level:
X-Spam-Status: No, score=-1.452 tagged_above=-999 required=5 tests=[AWL=1.147, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I5AUjUPakiUG for <cicm@ietfa.amsl.com>; Wed, 3 Aug 2011 11:15:35 -0700 (PDT)
Received: from elasmtp-galgo.atl.sa.earthlink.net (elasmtp-galgo.atl.sa.earthlink.net [209.86.89.61]) by ietfa.amsl.com (Postfix) with ESMTP id 2F8D821F8A23 for <cicm@ietf.org>; Wed, 3 Aug 2011 11:15:35 -0700 (PDT)
Received: from [69.251.37.177] (helo=stealth-10-32-254-211.cisco.com) by elasmtp-galgo.atl.sa.earthlink.net with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.67) (envelope-from <david.a.mcgrew@mindspring.com>) id 1Qofyr-00064p-0I for cicm@ietf.org; Wed, 03 Aug 2011 14:15:45 -0400
Message-Id: <B7D1DC77-97E4-46A8-A70F-B342B66B4423@mindspring.com>
From: "David A. McGrew" <david.a.mcgrew@mindspring.com>
To: CICM Discussion List <cicm@ietf.org>
In-Reply-To: <E48B962F2B71EC4C97EF42A839D0F2DE05F3B8B614@IMCMBX1.MITRE.ORG>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Wed, 03 Aug 2011 11:15:43 -0700
References: <99256CA4-47EB-444A-9D5C-29EEEF3C81D5@mindspring.com> <MLQM-20110803104111367-85835@mlite.mitre.org> <E48B962F2B71EC4C97EF42A839D0F2DE05F3B8B614@IMCMBX1.MITRE.ORG>
X-Mailer: Apple Mail (2.936)
X-ELNK-Trace: ad1f9a46c4c7bfd19649176a89d694c0f43c108795ac4507fb1ad3334e09ac4591ca2b786f22b3b1350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 69.251.37.177
Subject: Re: [cicm] comments on CICM
X-BeenThere: cicm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: CICM Discussion List <cicm@ietf.org>
List-Id: CICM Discussion List <cicm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cicm>, <mailto:cicm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cicm>
List-Post: <mailto:cicm@ietf.org>
List-Help: <mailto:cicm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cicm>, <mailto:cicm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 18:15:36 -0000
On Aug 3, 2011, at 7:49 AM, Cottrell Jr., James R. wrote: > David McGrew, > > In your email you stated " Considering that AES-GCM is required for > Suite B, and the Suite B RFCs > all cite RFC 5116, the lack of AEAD support appears problematic" > > Can you please provide an authoritative document stating this > requirement? > Let me use TLS as an example. The AEAD facility in TLS 1.2 is based on RFC 5116. For Suite B, RFC 5430 requires RFC 5289, which requires RFC 5288, which has RFC 5116 as a normative reference. In the quote above, I said "all". I may have been wrong on that; I was rushing to get my comments out before the CICM BoF. But I stand by the broader point, which is that support for AEAD would be essential. David > Thanks, > > Jim Cottrell > > -----Original Message----- > From: cicm-bounces@ietf.org [mailto:cicm-bounces@ietf.org] On Behalf > Of Novikov, Lev > Sent: Wednesday, August 03, 2011 10:03 AM > To: CICM Discussion List (cicm@ietf.org) > Subject: [cicm] FW: comments on CICM > > FYI: Below is an insightful email from David McGrew that does not > appear to have made it to the mailing list nor was it held for > moderation so the list never saw it. > > Lev > > -----Original Message----- > From: David A. McGrew [mailto:david.a.mcgrew@mindspring.com] > Sent: Wednesday, July 27, 2011 14:39 > To: cicm@ietf.org; Lanz, Dan; Novikov, Lev > Subject: comments on CICM > > Hi Lev and Daniel, > > I skimmed the CICM documents and have several comments. > > It seems that the major goal for CICM is multi-vendor support. > Worthwhile goal, but what crypto hardware vendors whose products > support IETF standards are participating in this effort? > > RFC 5116 defines a standard interface to Authenticated Encryption with > Associated Data (AEAD) algorithms, which is used by TLS 1.2, SSH, > SRTP, IKE, and SMIME, and is backwards compatible with ESP. The AEAD > interface is simple (two defined messages, four inputs and one output > each), and AEAD is widely regarded as the state of the art in security > and efficiency (including both OCB and GCM, for instance). It appears > that CICM is not compatible with this interface, in which case it > would be a real step backwards. (If CICM does support AEAD, it is not > clear to me how it does. Am I missing something?) > > CICM is intended for use in a high assurance crypto module. > Considering that AES-GCM is required for Suite B, and the Suite B RFCs > all cite RFC 5116, the lack of AEAD support appears problematic. > > The use cases for which CICM is intended are those where > "cryptographic transformation of data initiated in one security > domain with the result made available in another security domain"; > three cases are given, two of which are HAIPE. So clearly the CICM > design has been driven by high assurance requirements that are highly > security conscious and not publicly available. My question here is: > how will the CICM design make implementations of IETF security > protocols better? If CICM is tightly bound to non-public protocols, > it will not have much relevance to the IETF. On the other hand, if > there is a document that shows how a high assurance design approach > can be used in an IETF standard like TLS or IPsec, that could be > valuable. It could be a good contribution to the IETF to provide > implementation criteria or design approaches that are applicable to > internet standards. I think there would be a good amount of interest > in this sort of work, and in fact I would be very happy to see that > sort of document show up in IRTF CFRG. > > An important nit: MD5 is used as an example on pg 24 of draft-lanz- > cicm-02. It has been deprecated by RFC 6151; I encourage that a > different hash be used as an example. > > regards, > > David > > _______________________________________________ > cicm mailing list > cicm@ietf.org > https://www.ietf.org/mailman/listinfo/cicm > > _______________________________________________ > cicm mailing list > cicm@ietf.org > https://www.ietf.org/mailman/listinfo/cicm
- [cicm] FW: comments on CICM Novikov, Lev
- Re: [cicm] FW: comments on CICM Davidson, John A.
- Re: [cicm] comments on CICM Cottrell Jr., James R.
- Re: [cicm] comments on CICM Krishnamurthy, Hema - ES
- Re: [cicm] comments on CICM David A. McGrew
- Re: [cicm] comments on CICM Cottrell Jr., James R.
- Re: [cicm] comments on CICM David A. McGrew
- Re: [cicm] FW: comments on CICM David A. McGrew
- Re: [cicm] FW: comments on CICM Davidson, John A.
- Re: [cicm] FW: comments on CICM jmitola
- Re: [cicm] FW: comments on CICM Alfonso De Gregorio