Re: [KEYPROV] KW-AES-128 vs. AES-128-CBC

"Matt Ball" <matt.ball@ieee.org> Wed, 14 January 2009 13:02 UTC


Hi Folks,

From a NIST (i.e., FIPS 140-2) point-of-view, the only currently approved
symmetric algorithm for protecting keys is AES Key Wrap (e.g., KW-AES-128).
NIST will likely expand the list of approved algorithms in the next couple
years, but I'm sure that they will always have a requirement to include both
confidentiality and integrity.  For this reason, if the decision is for
AES-128-CBC, I would recommend adding an HMAC-SHA for integrity.  AES Key
Wrap already adds in a 64-bit integrity check, so this comes for 'free'.

Preferences:
1) AES Key Wrap
2) AES-CBC with HMAC-SHA

Cheers,
-Matt

On Mon, Jan 12, 2009 at 4:06 PM, Hannes Tschofenig <
Hannes.Tschofenig@gmx.net> wrote:

> Hi all,
>
> Section 6.1.1. of
> http://www.ietf.org/internet-drafts/draft-ietf-keyprov-portable-symmetric-key-container-06.txt
> describes the AES-128-CBC encryption algorithm as mandatory to implement.
>
> It was suggested to switch from AES-128-CBC to KW-AES-128 as the mandatory
> algorithm.
>
> During the meeting we had a very brief chat about this topic, see (and
> hear):
> http://www.ietf.org/proceedings/08nov/slides/keyprov-2/keyprov-2.htm
> ftp://videolab.uoregon.edu/pub/videolab/media/ietf73/ietf73-ch8-wed-am2.mp3
>
> I checked the meeting minutes and noticed that they do not capture a lot:
> http://www.ietf.org/proceedings/08nov/minutes/keyprov.txt
>
> So, let's do a quick poll.
>
> Please indicate your preference (if possible with arguments why you want one
> or the other).
>
> --> Deadline for your response: 20th Jan. 2009 <--
>
> Ciao
> Hannes
>
> ________________________________
>
>        From: keyprov-bounces@ietf.org [mailto:keyprov-bounces@ietf.org] On
> Behalf Of Pei, Mingliang
>        Sent: 12 January, 2009 20:01
>        To: Philip Hoyer; hannes.tschofenig@gmx.net; keyprov@ietf.org
>        Subject: Re: [KEYPROV] Examples in PSKC
>
>
>        It was an issue raised during the 73rd IETF. I wasn't aware that the
> decision to KW has been made in the follow-up calls. Thanks for the update.
> I will make changes to AES-128-KW.
>
>        - Ming
>
>
> ________________________________
>
>                From: Philip Hoyer [mailto:philip.hoyer@actividentity.com]
>                Sent: Monday, January 12, 2009 2:31 AM
>                To: Pei, Mingliang; hannes.tschofenig@gmx.net;
> keyprov@ietf.org
>                Subject: RE: [KEYPROV] Examples in PSKC
>
>
>
>                Ming,
>
>                We agreed on previous call that the KW version AES 128 will
> be the mandatory algorithm for PSKC and DSKPP so we need examples using
> KW-AES-128
>
>
>
>                Philip
>
>
>
>                ________________________________
>
>                                From: keyprov-bounces@ietf.org
> [mailto:keyprov-bounces@ietf.org] On Behalf Of Pei, Mingliang
>                Sent: Monday, January 12, 2009 9:38 AM
>                To: hannes.tschofenig@gmx.net; keyprov@ietf.org
>                Subject: Re: [KEYPROV] Examples in PSKC
>
>
>
>                Yes, I have done AES128-CBC examples. The padding and IV are
> well considered in the example now, and I will update the draft to reflect
> the specifications and example data. The MAC key choice is the encryption
> key by default, and we need to come up with a way to allow other MAC keys, as
> we discussed during the 73rd IETF.
>
>                I am working on the RSA example, and hope to get most
> results before Tuesday's call.
>
>                - Ming
>
>
>                ----- Original Message -----
>                From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
>                To: Pei, Mingliang; hannes.tschofenig@gmx.net
> <hannes.tschofenig@gmx.net>; keyprov@ietf.org <keyprov@ietf.org>
>                Sent: Sat Jan 10 09:22:36 2009
>                Subject: RE: [KEYPROV] Examples in PSKC
>
>                Ming,
>
>                Are you making progress with the examples?
>
>                Ciao
>                Hannes
>
>
>                ________________________________
>
>                        From: keyprov-bounces@ietf.org
> [mailto:keyprov-bounces@ietf.org] On
>                Behalf Of ext Pei, Mingliang
>                        Sent: 15 December, 2008 09:25
>                        To: hannes.tschofenig@gmx.net; keyprov@ietf.org
>                        Subject: Re: [KEYPROV] Examples in PSKC
>
>
>
>                        I am one. Philip also suggested that it had better have
> two versions so that they can verify each other. Hope to get another
> reference check.
>
>                        - Ming
>
>                        ----- Original Message -----
>                        From: keyprov-bounces@ietf.org
> <keyprov-bounces@ietf.org>
>                        To: keyprov@ietf.org <keyprov@ietf.org>
>                        Sent: Sun Dec 14 04:55:43 2008
>                        Subject: [KEYPROV] Examples in PSKC
>
>                        Hi all,
>
>                        during the IETF#73 KEYPROV meeting Ming mentioned that
> the examples will be extended in such a way that they can actually be
> verified, i.e., when there is a digital signature then enough information
> is provided in the document so that it can be checked for correctness.
>
>                        What I have in mind is something similar to what is done
> in http://www.ietf.org/rfc/rfc4474.txt (see also Appendix B)
>
>                        So, who is working on this aspect?
>
>                        Ciao
>                        Hannes
>
>
>                        _______________________________________________
>                        KEYPROV mailing list
>                        KEYPROV@ietf.org
>                        https://www.ietf.org/mailman/listinfo/keyprov
>
>
>
>
>
>



-- 
Thanks!
-Matt

Matt Ball, IEEE P1619.x SISWG Chair
Cell: 303-717-2717
http://www.linkedin.com/in/matthewvball
http://www.mavaball.net/