Re: [Emu] EAP-GPSK: Ciphersuites
Charles Clancy <clancy@cs.umd.edu> Tue, 22 August 2006 11:04 UTC
Interesting idea, but what does it gain you? Why not just use an AES-CBC and CMAC ciphersuite?

--
t. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy

Lakshminath Dondeti wrote:
> I guess we agree to disagree. The additional integrity checksum is
> spurious in my view and I believe we can define things so that combined
> modes can be employed without encrypting anything, so I am somewhat
> confused here. What's your opinion on the latter part of my email?
>
> thanks,
> Lakshminath
>
> At 05:12 PM 8/22/2006, Hannes Tschofenig wrote:
>> Hi Lakshminath,
>>
>> Lakshminath Dondeti wrote:
>>> At the expense of generating some confusion, here is my take on this:
>>> The objection is to having to carry multiple integrity checksums in
>>> GPSK, if we used the combined mode *and* an integrity algorithm.
>>
>> I don't agree with you. There is no reason to optimize a few bits in a
>> pre-shared secret method.
>> Note that we are not talking about a protocol for data transfer.
>> We wanted the flexibility to use different cipher suites. We do not
>> only want to use cipher suites that provide authenticated encryption
>> (since we almost have nothing to encrypt; currently 1 bit and almost
>> no EAP method provides this functionality).
>>
>> Ciao
>> Hannes
>>
>>> I think CCM is fine for instance, the only catch is that we need to
>>> make sure and define AAD for CCM carefully to include appropriate
>>> data into the integrity checksum calculation. So, once we define CCM
>>> as the mode, we shouldn't need AES-CMAC-128 if encryption is being used.
>>> I would suggest using CCM and specifying the use of it fully so it
>>> can be used without misunderstandings. If you want me to put some
>>> time into writing that up, let me know.
>>> cheers,
>>> Lakshminath
>>> At 10:55 PM 8/20/2006, Hannes Tschofenig wrote:
>>>> Hi all,
>>>>
>>>> the current version of the document
>>>> http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt
>>>> still supports AES-EAX:
>>>>
>>>> +-----------+----+-------------+---------------+--------------------+
>>>> | CSuite/   | KS | Encryption  | Integrity     | Key Derivation     |
>>>> | Specifier |    |             |               | Function           |
>>>> +-----------+----+-------------+---------------+--------------------+
>>>> | 0x000001  | 16 | AES-EAX-128 | AES-CMAC-128  | GKDF-128           |
>>>> +-----------+----+-------------+---------------+--------------------+
>>>>
>>>> At the IETF#66 EMU meeting AES CCM was suggested.
>>>>
>>>> Later, I got the impression that AES-CBC was more appreciated.
>>>> Should we update the draft with AES-CBC?
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> _______________________________________________
>>>> Emu mailing list
>>>> Emu@ietf.org
>>>> https://www1.ietf.org/mailman/listinfo/emu