Re: [Emu] EAP-GPSK: Ciphersuites
Lakshminath Dondeti <ldondeti@qualcomm.com> Tue, 22 August 2006 09:44 UTC
Date: Tue, 22 Aug 2006 17:44:21 +0800
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: [Emu] EAP-GPSK: Ciphersuites
Cc: emu@ietf.org

I guess we agree to disagree. The additional integrity checksum is spurious in my view and I believe we can define things so that combined modes can be employed without encrypting anything, so I am somewhat confused here. What's your opinion on the latter part of my email?

thanks,
Lakshminath

At 05:12 PM 8/22/2006, Hannes Tschofenig wrote:
>Hi Lakshminath,
>
>Lakshminath Dondeti wrote:
>>At the expense of generating some confusion, here is my take on this:
>>The objection is to having to carry multiple integrity checksums in
>>GPSK, if we used the combined mode *and* an integrity algorithm.
>
>I don't agree with you. There is no reason to optimize a few bits in
>a pre-shared secret method.
>Note that we are not talking about a protocol for data transfer.
>We wanted the flexibility to use different cipher suites. We do not
>only want to use cipher suites that provide authenticated encryption
>(since we almost have nothing to encrypt; currently 1 bit and almost
>no EAP method provides this functionality).
>
>Ciao
>Hannes
>
>>I think CCM is fine for instance, the only catch is that we need to
>>make sure and define AAD for CCM carefully to include appropriate
>>data into the integrity checksum calculation. So, once we define
>>CCM as the mode, we shouldn't need AES-CMAC-128 if encryption is being used.
>>I would suggest using CCM and specifying the use of it fully so it
>>can be used without misunderstandings. If you want me to put some
>>time into writing that up, let me know.
>>cheers,
>>Lakshminath
>>At 10:55 PM 8/20/2006, Hannes Tschofenig wrote:
>>>Hi all,
>>>
>>>the current version of the document
>>>http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt
>>>still supports AES-EAX:
>>>
>>> +-----------+----+-------------+---------------+--------------------+
>>> | CSuite/   | KS | Encryption  | Integrity     | Key Derivation     |
>>> | Specifier |    |             |               | Function           |
>>> +-----------+----+-------------+---------------+--------------------+
>>> | 0x000001  | 16 | AES-EAX-128 | AES-CMAC-128  | GKDF-128           |
>>> +-----------+----+-------------+---------------+--------------------+
>>>
>>>At the IETF#66 EMU meeting AES CCM was suggested.
>>>
>>>Later, I got the impression that AES-CBC was more appreciated.
>>>Should we update the draft with AES-CBC?
>>>
>>>Ciao
>>>Hannes
>>>
>>>
>>>_______________________________________________
>>>Emu mailing list
>>>Emu@ietf.org
>>>https://www1.ietf.org/mailman/listinfo/emu
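
The two points raised in this message, that a combined mode such as CCM can be used with nothing to encrypt and that the AAD then has to be defined carefully, are illustrated below. This is an added example, not code from the draft or from the posters. It assumes the Python `cryptography` package; the key, nonce, message fields and the 2-byte length-prefix AAD framing are constructed for illustration.

```python
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

# Constructed demo values. A real method derives the key from the PSK and
# must never reuse a nonce under the same key; the fixed nonce is demo-only.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
NONCE = bytes.fromhex("101112131415161718191a1b1c")  # 13 bytes
TAG_LEN = 16

def naive_aad(fields):
    """Plain concatenation: field boundaries are not authenticated."""
    return b"".join(fields)

def framed_aad(fields):
    """2-byte length prefix per field, so the AAD parses exactly one way."""
    return b"".join(struct.pack("!H", len(f)) + f for f in fields)

def protect(fields, payload=b"", encode=framed_aad):
    """CCM output is ciphertext || tag; with an empty payload it is the tag."""
    return AESCCM(KEY, tag_length=TAG_LEN).encrypt(NONCE, payload, encode(fields))

def verify(fields, blob, encode=framed_aad):
    """Return the payload if the tag checks out, else None."""
    try:
        return AESCCM(KEY, tag_length=TAG_LEN).decrypt(NONCE, blob, encode(fields))
    except InvalidTag:
        return None

# Hypothetical message fields (not taken from the draft). SHIFTED moves one
# byte across a field boundary while keeping the concatenation identical.
MSG = [b"peer@example.org", b"server.example.org", b"\x00\x00\x01"]
SHIFTED = [b"peer@example.orgs", b"erver.example.org", b"\x00\x00\x01"]

if __name__ == "__main__":
    tag = protect(MSG)
    print("integrity-only output:", len(tag), "bytes")
    print("verifies:", verify(MSG, tag) is not None)
    naive = protect(MSG, encode=naive_aad)
    print("shifted boundary accepted (naive AAD):",
          verify(SHIFTED, naive, encode=naive_aad) is not None)
    print("shifted boundary accepted (framed AAD):",
          verify(SHIFTED, tag) is not None)
```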