Re: [Emu] EAP-GPSK: Ciphersuites

Lakshminath Dondeti <ldondeti@qualcomm.com> Sun, 20 August 2006 22:23 UTC

Message-Id: <7.0.1.0.2.20060820151614.04592850@qualcomm.com>
Date: Sun, 20 Aug 2006 15:23:02 +0800
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, emu@ietf.org
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: [Emu] EAP-GPSK: Ciphersuites
In-Reply-To: <44E877FF.10000@gmx.net>
References: <44E877FF.10000@gmx.net>

At the expense of generating some confusion, here is my take on this:

The objection is to having to carry multiple integrity checksums in 
GPSK, if we used the combined mode *and* an integrity algorithm.

I think CCM is fine, for instance; the only catch is that we need to 
make sure to define AAD for CCM carefully to include appropriate 
data in the integrity checksum calculation.  So, once we define CCM 
as the mode, we shouldn't need AES-CMAC-128 if encryption is being used.

I would suggest using CCM and specifying the use of it fully so it 
can be used without misunderstandings.  If you want me to put some 
time into writing that up, let me know.

cheers,
Lakshminath

At 10:55 PM 8/20/2006, Hannes Tschofenig wrote:
>Hi all,
>
>the current version of the document
>http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt
>still supports AES-EAX:
>
>    +-----------+----+-------------+---------------+--------------------+
>    | CSuite/   | KS | Encryption  | Integrity     | Key Derivation     |
>    | Specifier |    |             |               | Function           |
>    +-----------+----+-------------+---------------+--------------------+
>    | 0x000001  | 16 | AES-EAX-128 | AES-CMAC-128  | GKDF-128           |
>    +-----------+----+-------------+---------------+--------------------+
>
>At the IETF#66 EMU meeting AES CCM was suggested.
>
>Later, I got the impression that AES-CBC was more appreciated. 
>Should we update the draft with AES-CBC?
>
>Ciao
>Hannes
>
>
>_______________________________________________
>Emu mailing list
>Emu@ietf.org
>https://www1.ietf.org/mailman/listinfo/emu
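
The point in the reply about defining the AAD for CCM carefully, shown as an added example that is not part of the original messages or of the draft: with Node.js's built-in AES-128-CCM, a cleartext field is protected by the tag only if it is part of the AAD. The header layout, key, nonce and helper names are assumptions constructed for the demo; only the CSuite value 0x000001 comes from the quoted table.

```javascript
// Added example: AES-128-CCM, where the AAD decides which cleartext fields the tag covers.
const { createCipheriv, createDecipheriv } = require('node:crypto');

// Constructed sample values (fixed for a repeatable demo; a real nonce is unique per key).
const key = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const nonce = Buffer.from('101112131415161718191a1b', 'hex'); // 12 bytes
// Hypothetical cleartext header: 1-byte op-code, 3-byte CSuite specifier, peer id.
const header = Buffer.concat([
  Buffer.from([0x03]), Buffer.from('000001', 'hex'), Buffer.from('peer@example.org')]);
const payload = Buffer.from('protected payload');

// Encrypt `payload`; `aad` is authenticated by the tag but travels in the clear.
function seal(key, nonce, aad, payload) {
  const c = createCipheriv('aes-128-ccm', key, nonce, { authTagLength: 16 });
  c.setAAD(aad, { plaintextLength: payload.length });
  const ciphertext = Buffer.concat([c.update(payload), c.final()]);
  return { ciphertext, tag: c.getAuthTag() };
}

// Return the plaintext, or null when the tag does not verify.
function open(key, nonce, aad, { ciphertext, tag }) {
  const d = createDecipheriv('aes-128-ccm', key, nonce, { authTagLength: 16 });
  d.setAuthTag(tag);
  d.setAAD(aad, { plaintextLength: ciphertext.length });
  try {
    const plaintext = d.update(ciphertext);
    d.final(); // throws if the ciphertext or the AAD was modified
    return plaintext;
  } catch {
    return null;
  }
}

// Seal with AAD = aadOf(header), then check an intact and a modified header.
function demo(aadOf) {
  const sealed = seal(key, nonce, aadOf(header), payload);
  const tampered = Buffer.from(header);
  tampered[3] ^= 0x03; // CSuite specifier now reads 0x000002
  return {
    intact: open(key, nonce, aadOf(header), sealed) !== null,
    tamperedAccepted: open(key, nonce, aadOf(tampered), sealed) !== null,
  };
}

const opcodeOnly = (h) => h.subarray(0, 1); // AAD covers only the op-code
const wholeHeader = (h) => h;               // AAD covers every cleartext field

console.log({ opcodeOnly: demo(opcodeOnly), wholeHeader: demo(wholeHeader) });
```

With the narrow AAD the changed CSuite field is accepted; with the whole header in the AAD the single CCM tag rejects it, without a second integrity checksum.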

