Re: [KEYPROV] KW-AES-128 vs. AES-128-CBC
"Matt Ball" <matt.ball@ieee.org> Wed, 14 January 2009 13:02 UTC
Date: Wed, 14 Jan 2009 05:29:29 -0700
From: Matt Ball <matt.ball@ieee.org>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: keyprov@ietf.org

Hi Folks,

From a NIST (i.e., FIPS 140-2) point-of-view, the only currently approved symmetric algorithm for protecting keys is AES Key Wrap (e.g., KW-AES-128). NIST will likely expand the list of approved algorithms in the next couple years, but I'm sure that they will always have a requirement to include both confidentiality and integrity.

For this reason, if the decision is for AES-128-CBC, I would recommend adding an HMAC-SHA for integrity. AES Key Wrap already adds in a 64-bit integrity check, so this comes for 'free'.

Preferences:
1) AES Key Wrap
2) AES-CBC with HMAC-SHA

Cheers,
-Matt

On Mon, Jan 12, 2009 at 4:06 PM, Hannes Tschofenig <Hannes.Tschofenig@gmx.net> wrote:

> Hi all,
>
> Section 6.1.1. of
> http://www.ietf.org/internet-drafts/draft-ietf-keyprov-portable-symmetric-key-container-06.txt
> describes the AES-128-CBC encryption algorithm as mandatory to implement.
>
> It was suggested to switch from AES-128-CBC to KW-AES-128 as the mandatory
> algorithm.
>
> During the meeting we had a very brief chat about this topic, see (and
> hear):
> http://www.ietf.org/proceedings/08nov/slides/keyprov-2/keyprov-2.htm
> ftp://videolab.uoregon.edu/pub/videolab/media/ietf73/ietf73-ch8-wed-am2.mp3
>
> I checked the meeting minutes and noticed that they do not capture a lot:
> http://www.ietf.org/proceedings/08nov/minutes/keyprov.txt
>
> So, let us do a quick poll.
>
> Please indicate your preference (if possible with arguments why you want
> one or the other).
>
> --> Deadline for your response: 20th Jan. 2009 <--
>
> Ciao
> Hannes
>
> ________________________________
>
> From: keyprov-bounces@ietf.org [mailto:keyprov-bounces@ietf.org] On Behalf Of Pei, Mingliang
> Sent: 12 January, 2009 20:01
> To: Philip Hoyer; hannes.tschofenig@gmx.net; keyprov@ietf.org
> Subject: Re: [KEYPROV] Examples in PSKC
>
> It was an issue raised during 73-th IETF. I wasn't aware that the
> decision to KW has been made in the follow up calls. Thanks for the update.
> I will make changes to AES-128-KW.
>
> - Ming
>
> ________________________________
>
> From: Philip Hoyer [mailto:philip.hoyer@actividentity.com]
> Sent: Monday, January 12, 2009 2:31 AM
> To: Pei, Mingliang; hannes.tschofenig@gmx.net; keyprov@ietf.org
> Subject: RE: [KEYPROV] Examples in PSKC
>
> Ming,
>
> We agreed on previous call that the KW version AES 128 will
> be the mandatory algorithm for PSKC and DSKPP so we need examples using
> KW-AES-128
>
> Philip
>
> ________________________________
>
> From: keyprov-bounces@ietf.org [mailto:keyprov-bounces@ietf.org] On Behalf Of Pei, Mingliang
> Sent: Monday, January 12, 2009 9:38 AM
> To: hannes.tschofenig@gmx.net; keyprov@ietf.org
> Subject: Re: [KEYPROV] Examples in PSKC
>
> Yes, I have done AES128-CBC examples. The padding and iv are
> well considered in the example now, and I will update the draft to reflect
> the specifications and example data. The mac key choice is the encryption
> key by default and we need to come up with a way to allow other mac key as we
> discussed during 73th ietf.
>
> I am working on the rsa example, and hope to get most
> results before Tuesday's call.
>
> - Ming
>
> ----- Original Message -----
> From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
> To: Pei, Mingliang; hannes.tschofenig@gmx.net <hannes.tschofenig@gmx.net>; keyprov@ietf.org <keyprov@ietf.org>
> Sent: Sat Jan 10 09:22:36 2009
> Subject: RE: [KEYPROV] Examples in PSKC
>
> Ming,
>
> Are you making progress with the examples?
>
> Ciao
> Hannes
>
> ________________________________
>
> From: keyprov-bounces@ietf.org [mailto:keyprov-bounces@ietf.org] On Behalf Of ext Pei, Mingliang
> Sent: 15 December, 2008 09:25
> To: hannes.tschofenig@gmx.net; keyprov@ietf.org
> Subject: Re: [KEYPROV] Examples in PSKC
>
> I am one. Philip also suggested that it better has two versions so
> that they can verify each other. Hope to get another
> reference check.
>
> - Ming
>
> ----- Original Message -----
> From: keyprov-bounces@ietf.org <keyprov-bounces@ietf.org>
> To: keyprov@ietf.org <keyprov@ietf.org>
> Sent: Sun Dec 14 04:55:43 2008
> Subject: [KEYPROV] Examples in PSKC
>
> Hi all,
>
> during the IETF#73 KEYPROV meeting Ming mentioned that the examples
> will be extended in such a way that they can actually be verified, i.e.,
> when there is a digital signature then enough information is provided in the
> document so that it can be checked for correctness.
>
> What I have in mind is something similar to what is done in
> http://www.ietf.org/rfc/rfc4474.txt (see also Appendix B)
>
> So, who is working on this aspect?
>
> Ciao
> Hannes
>
> _______________________________________________
> KEYPROV mailing list
> KEYPROV@ietf.org
> https://www.ietf.org/mailman/listinfo/keyprov
>
> _______________________________________________
> KEYPROV mailing list
> KEYPROV@ietf.org
> https://www.ietf.org/mailman/listinfo/keyprov
>

--
Thanks!
-Matt

Matt Ball, IEEE P1619.x SISWG Chair
Cell: 303-717-2717
http://www.linkedin.com/in/matthewvball
http://www.mavaball.net/
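
Added example, not part of the message above or of the KEYPROV drafts: the 64-bit integrity check the message refers to is the final comparison in RFC 3394 unwrapping, which AES-128-CBC on its own has no counterpart for. The Go code below implements only the unwrap direction and runs it on the RFC 3394 section 4.1 test vector; the helper name TamperDetected is hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var iv = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // RFC 3394 default IV

// Unwrap reverses RFC 3394 AES Key Wrap over c = A || R[1..n] and returns the key data.
func Unwrap(kek, c []byte) ([]byte, error) {
	blk, err := aes.NewCipher(kek)
	if err != nil || len(c) < 24 || len(c)%8 != 0 {
		return nil, errors.New("bad KEK or wrapped-key length")
	}
	n, b, r := len(c)/8-1, make([]byte, 16), append([]byte{}, c...)
	for t := 6 * n; t >= 1; t-- { // t = n*j + i in the RFC's notation
		i := 8 * ((t-1)%n + 1) // byte offset of R[i]
		binary.BigEndian.PutUint64(b, binary.BigEndian.Uint64(r)^uint64(t))
		copy(b[8:], r[i:i+8])
		blk.Decrypt(b, b) // B = AES-1(K, (A ^ t) | R[i])
		copy(r[:8], b[:8])
		copy(r[i:], b[8:])
	}
	// The 64-bit integrity check: a modified ciphertext does not unwrap back to the IV.
	if subtle.ConstantTimeCompare(r[:8], iv) != 1 {
		return nil, errors.New("integrity check failed")
	}
	return r[8:], nil
}

// TamperDetected flips one bit of the wrapped key and reports whether Unwrap rejects it.
func TamperDetected(kek, c []byte, bit int) bool {
	bad := append([]byte{}, c...)
	bad[bit/8] ^= 1 << (bit % 8)
	_, err := Unwrap(kek, bad)
	return err != nil
}

func main() {
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F") // RFC 3394 section 4.1 vector
	c, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
	key, err := Unwrap(kek, c)
	fmt.Printf("key=%X err=%v tamper detected=%v\n", key, err, TamperDetected(kek, c, 100))
}
```

The wrapped key is 8 bytes longer than the key data (24 bytes for a 128-bit key); that extra block is what carries the check.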