[dtn-security] Re(4): Ciphersuite
Peter Lovell <plovell@mac.com> Thu, 16 July 2009 19:06 UTC
Received: from asmtpout015.mac.com (asmtpout015.mac.com [17.148.16.90]) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id n6GJ6Gad020248 for <dtn-security@maillists.intel-research.net>; Thu, 16 Jul 2009 12:06:16 -0700
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="ISO-8859-1"
Received: from [192.168.4.98] (dsl092-149-198.wdc2.dsl.speakeasy.net [66.92.149.198]) by asmtp015.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0KMW00LVT2BDGE00@asmtp015.mac.com> for dtn-security@maillists.intel-research.net; Thu, 16 Jul 2009 12:04:28 -0700 (PDT)
From: Peter Lovell <plovell@mac.com>
To: Sushil Chaudhari <schaudhari@mzeal.com>, dtn-security@maillists.intel-research.net
Date: Thu, 16 Jul 2009 15:04:23 -0400
Message-id: <20090716190423.1267272697@smtp.mac.com>
In-reply-to: <20090716180755.89960.qmail@mzeal.com>
References: <20090716180755.89960.qmail@mzeal.com>
X-Mailer: CTM PowerMail version 6.0.2 build 4601 English (intel) <http://www.ctmdev.com>
Subject: [dtn-security] Re(4): Ciphersuite
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2009 19:06:16 -0000
On Thu, Jul 16, 2009, Sushil Chaudhari <schaudhari@mzeal.com> wrote: >Hi, > >It looks as PC3 ciphersuite actually implemented for AES GCM mode. If I >read RFC4106 correctly, it does provide confidentiality, data origin and >data integrity authentication... > >Apparently, it does fulfill the purpose of all 3 security blocks. > >Am I read something incorrectly? Your analysis is a bit to simplistic. PC3 does guarantee that the payload data (and only the payload data) has not been changed in transit. But there's no "certificate of authenticity". You do not know who originated the data. You know it is unmodified but you don't know if it's genuine. With PIB you get a signature from the sender so you know, within the constraints of your keying mechanism, who actually sent the data. Regards....Peter
- [dtn-security] Re(4): Ciphersuite Peter Lovell
- Re: [dtn-security] Re(2): Ciphersuite Sushil Chaudhari