Re: [Emu] EAP-GPSK: Ciphersuites
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Tue, 22 August 2006 09:12 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFSJE-0004e0-5o; Tue, 22 Aug 2006 05:12:32 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFSJC-0004dr-Hc for emu@ietf.org; Tue, 22 Aug 2006 05:12:30 -0400
Received: from mail.gmx.de ([213.165.64.20] helo=mail.gmx.net) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GFSJB-0003zI-3h for emu@ietf.org; Tue, 22 Aug 2006 05:12:30 -0400
Received: (qmail invoked by alias); 22 Aug 2006 09:12:28 -0000
Received: from socks1.netz.sbs.de (EHLO [192.35.17.26]) [192.35.17.26] by mail.gmx.net (mp010) with SMTP; 22 Aug 2006 11:12:28 +0200
X-Authenticated: #29516787
Message-ID: <44EACA80.8090701@gmx.net>
Date: Tue, 22 Aug 2006 11:12:32 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: [Emu] EAP-GPSK: Ciphersuites
References: <44E877FF.10000@gmx.net> <7.0.1.0.2.20060820151614.04592850@qualcomm.com>
In-Reply-To: <7.0.1.0.2.20060820151614.04592850@qualcomm.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
Cc: emu@ietf.org
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Errors-To: emu-bounces@ietf.org
Hi Lakshminath, Lakshminath Dondeti schrieb: > At the expense of generating some confusion, here is my take on this: > > The objection is to having to carry multiple integrity checksums in > GPSK, if we used the combined mode *and* an integrity algorithm. I don't agree with you. There is no reason to optimize a few bits in a pre-shared secret method. Note that we are not talking about a protocol for data transfer. We wanted the flexibility to use different cipher suites. We do not only want to use cipher suites that provide authenticated encryption (since we almost have nothing to encrypt; currently 1 bit and almost no EAP method provides this functionality). Ciao Hannes > > I think CCM is fine for instance, the only catch is that we need to make > sure and define AAD for CCM carefully to include appropriate data into > the integrity checksum calculation. So, once we define CCM as the mode, > we shouldn't need AES-CMAC-128 if encryption is being used. > > I would suggest using CCM and specifying the use of it fully so it can > be used without misunderstandings. If you want me to put some time into > writing that up, let me know. > > cheers, > Lakshminath > > At 10:55 PM 8/20/2006, Hannes Tschofenig wrote: >> Hi all, >> >> the current version of the document >> http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt >> still supports AES-EAX: >> >> +-----------+----+-------------+---------------+--------------------+ >> | CSuite/ | KS | Encryption | Integrity | Key Derivation | >> | Specifier | | | | Function | >> +-----------+----+-------------+---------------+--------------------+ >> | 0x000001 | 16 | AES-EAX-128 | AES-CMAC-128 | GKDF-128 | >> +-----------+----+-------------+---------------+--------------------+ >> >> At the IETF#66 EMU meeting AES CCM was suggested. >> >> Later, it got the impression that AES-CBC was more appreciated. Should >> we update the draft with AES-CBC? >> >> Ciao >> Hannes >> >> >> _______________________________________________ >> Emu mailing list >> Emu@ietf.org >> https://www1.ietf.org/mailman/listinfo/emu > > _______________________________________________ Emu mailing list Emu@ietf.org https://www1.ietf.org/mailman/listinfo/emu
- [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- Re: [Emu] EAP-GPSK: Ciphersuites Lakshminath Dondeti
- Re: [Emu] EAP-GPSK: Ciphersuites M. Vanderveen
- Re: [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- Re: [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- Re: [Emu] EAP-GPSK: Ciphersuites Lakshminath Dondeti
- Re: [Emu] EAP-GPSK: Ciphersuites Charles Clancy
- AW: [Emu] EAP-GPSK: Ciphersuites Tschofenig, Hannes
- Re: [Emu] EAP-GPSK: Ciphersuites Bernard Aboba
- RE: [Emu] EAP-GPSK: Ciphersuites Ray Bell
- Re: [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- [Emu] RFC 2716bis update Bernard Aboba
- RE: [Emu] EAP-GPSK: Ciphersuites Joseph Salowey (jsalowey)
- Re: [Emu] EAP-GPSK: Ciphersuites David McGrew
- RE: [Emu] EAP-GPSK: Ciphersuites Joseph Salowey (jsalowey)
- Re: [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- Re: [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- RE: [Emu] EAP-GPSK: Ciphersuites Joseph Salowey (jsalowey)
- RE: [Emu] EAP-GPSK: Ciphersuites Joseph Salowey (jsalowey)
- Re: [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- Re: [Emu] EAP-GPSK: Ciphersuites David McGrew
- Re: [Emu] EAP-GPSK: Ciphersuites David McGrew
- Re: [Emu] EAP-GPSK: Ciphersuites Hannes Tschofenig
- RE: [Emu] EAP-GPSK: Ciphersuites Joseph Salowey (jsalowey)
- Re: [Emu] EAP-GPSK: Ciphersuites Charles Clancy
- RE: [Emu] EAP-GPSK: Ciphersuites Lakshminath Dondeti
- RE: [Emu] EAP-GPSK: Ciphersuites Joseph Salowey (jsalowey)
- Re: [Emu] EAP-GPSK: Ciphersuites David McGrew