RE: [Emu] EAP-GPSK: Ciphersuites

"Joseph Salowey \(jsalowey\)" <jsalowey@cisco.com> Mon, 28 August 2006 18:19 UTC

Subject: RE: [Emu] EAP-GPSK: Ciphersuites
Date: Mon, 28 Aug 2006 10:34:20 -0700
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: Charles Clancy <clancy@cs.umd.edu>, Lakshminath Dondeti <ldondeti@qualcomm.com>
Cc: emu@ietf.org

We want to define GPSK as a framework that can accommodate new
algorithms when they are available.  I believe that Lakshminath is
looking to allow optimizations within this framework in the case where a
combined mode cipher is used.  At this point I'm not sure how much
complexity this would add to the specification.  If it can be done
simply then it might be worthwhile pursuing; perhaps David McGrew's
AEAD specification would help here.

 

> -----Original Message-----
> From: Charles Clancy [mailto:clancy@cs.umd.edu] 
> Sent: Tuesday, August 22, 2006 4:05 AM
> To: Lakshminath Dondeti
> Cc: emu@ietf.org
> Subject: Re: [Emu] EAP-GPSK: Ciphersuites
> 
> Interesting idea, but what does it gain you?  Why not just 
> use an AES-CBC and CMAC ciphersuite?
> 
> --
> t. charles clancy, ph.d.  |  tcc@umd.edu  |  www.cs.umd.edu/~clancy
> 
> Lakshminath Dondeti wrote:
> > I guess we agree to disagree.  The additional integrity checksum is
> > spurious in my view and I believe we can define things so that
> > combined modes can be employed without encrypting anything, so I am
> > somewhat confused here.  What's your opinion on the latter part of my
> > email?
> > 
> > thanks,
> > Lakshminath
> > 
> > At 05:12 PM 8/22/2006, Hannes Tschofenig wrote:
> >> Hi Lakshminath,
> >>
> >> Lakshminath Dondeti wrote:
> >>> At the expense of generating some confusion, here is my take on this:
> >>> The objection is to having to carry multiple integrity checksums in
> >>> GPSK, if we used the combined mode *and* an integrity algorithm.
> >>
> >> I don't agree with you. There is no reason to optimize a few bits in
> >> a pre-shared secret method.
> >> Note that we are not talking about a protocol for data transfer.
> >> We wanted the flexibility to use different cipher suites. We do not
> >> only want to use cipher suites that provide authenticated encryption
> >> (since we almost have nothing to encrypt; currently 1 bit and almost
> >> no EAP method provides this functionality).
> >>
> >> Ciao
> >> Hannes
> >>
> >>> I think CCM is fine for instance, the only catch is that we need to
> >>> make sure and define AAD for CCM carefully to include appropriate
> >>> data into the integrity checksum calculation.  So, once we define
> >>> CCM as the mode, we shouldn't need AES-CMAC-128 if encryption is
> >>> being used.
> >>> I would suggest using CCM and specifying the use of it fully so it
> >>> can be used without misunderstandings.  If you want me to put some
> >>> time into writing that up, let me know.
> >>> cheers,
> >>> Lakshminath
> >>> At 10:55 PM 8/20/2006, Hannes Tschofenig wrote:
> >>>> Hi all,
> >>>>
> >>>> the current version of the document
> >>>> http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt
> >>>> still supports AES-EAX:
> >>>>
> >>>>    +-----------+----+-------------+---------------+--------------------+
> >>>>    | CSuite/   | KS | Encryption  | Integrity     | Key Derivation     |
> >>>>    | Specifier |    |             |               | Function           |
> >>>>    +-----------+----+-------------+---------------+--------------------+
> >>>>    | 0x000001  | 16 | AES-EAX-128 | AES-CMAC-128  | GKDF-128           |
> >>>>    +-----------+----+-------------+---------------+--------------------+
> >>>>
> >>>> At the IETF#66 EMU meeting AES CCM was suggested.
> >>>>
> >>>> Later, I got the impression that AES-CBC was more appreciated.
> >>>> Should we update the draft with AES-CBC?
> >>>>
> >>>> Ciao
> >>>> Hannes
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Emu mailing list
> >>>> Emu@ietf.org
> >>>> https://www1.ietf.org/mailman/listinfo/emu

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
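
The trade-off debated in this thread, as an added example that is not code from any participant or from the draft: AES-CCM with an empty plaintext and the message fields as AAD already yields a 16-byte integrity tag, a field left out of the AAD is not covered by that tag, and adding a separate AES-CMAC-128 doubles the checksum bytes. It assumes the Python `cryptography` package; the keys, nonce counter and header field names are constructed, and only the ciphersuite value 0x000001 comes from the quoted table.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import cmac
from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

TAG_LEN = 16  # bytes, same size as an AES-CMAC-128 tag
# Constructed sample values (assumptions, not taken from the draft).
KEY, MAC_KEY = bytes(range(16)), bytes(range(16, 32))
HEADER = b"peer-id|server-id|rand-p|rand-s"
CSUITE = b"|csuite=0x000001"

def nonce(i):
    # 13-byte CCM nonce from a counter; it must never repeat under one key.
    return i.to_bytes(13, "big")

def ccm_seal(key, n, aad, secret=b""):
    """Encrypt `secret` (may be empty) and authenticate aad + secret."""
    return AESCCM(key, tag_length=TAG_LEN).encrypt(n, secret, aad)

def ccm_open(key, n, aad, blob):
    """Return the decrypted secret, or None if the tag does not verify."""
    try:
        return AESCCM(key, tag_length=TAG_LEN).decrypt(n, blob, aad)
    except InvalidTag:
        return None

def cmac_tag(key, message):
    """Separate integrity algorithm, as in a CBC + CMAC ciphersuite."""
    mac = cmac.CMAC(algorithms.AES(key))
    mac.update(message)
    return mac.finalize()

def demo():
    full = HEADER + CSUITE
    tag_only = ccm_seal(KEY, nonce(1), full)   # nothing encrypted: tag only
    partial = ccm_seal(KEY, nonce(2), HEADER)  # AAD omits the CSUITE field
    one_byte = ccm_seal(KEY, nonce(3), full, b"\x01")
    changed = HEADER + b"|csuite=0x000002"
    return {
        "tag_only_len": len(tag_only),
        "accepts_original": ccm_open(KEY, nonce(1), full, tag_only) == b"",
        "rejects_modified": ccm_open(KEY, nonce(1), changed, tag_only) is None,
        # A field left out of the AAD can change without the tag noticing.
        "uncovered_field_unprotected":
            ccm_open(KEY, nonce(2), HEADER, partial) == b"",
        "bytes_ccm_plus_cmac": len(one_byte) + len(cmac_tag(MAC_KEY, full)),
    }
```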