Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-02

Benjamin Kaduk <kaduk@MIT.EDU> Thu, 22 May 2014 21:15 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/4vyLOClkYF_K7EO6aLbB4AZju5k

On Mon, 19 May 2014, Shawn M Emery wrote:

>
> This message officially starts the kitten Working Group Last Call for the 
> following document:
>
> AES Encryption with HMAC-SHA2 for Kerberos 5
> http://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-02
>
> The Working Group Last Call for this document starts today on Sunday, May 
> 18th and will end on Sunday, June 1st.

This looks pretty much okay.

A few minor things:

The specification of en/decryption in section 5 assigns the new 
cipherstate as "next-to-last 128-bit block of C"; this is slightly 
ambiguous when C does not end on a block boundary.  I believe the intent 
is that the last full block will be used in this case, but one could read 
the current text as saying that the next-to-last full block would be used.
Also, the description of D() says it is an AES encryption function, not a 
decryption function.

There are no test vectors for the PRF.  Having such vectors would also 
make it clear what the output length of the PRF is (luckily, we are not 
using the simplified profile, with its ambiguous language "truncate tmp1 
to multiple of m").  (The PRF output length looks to be 256 and 384 bits 
for the two variants, to me.)

In section 8.1, "at least 128 bits of random" feels ungrammatical.  Also 
in that section, the third and fourth bullet points may be specific to the 
MIT krb5 implementation; it might be worth tweaking the wording to reflect 
that this is only known to affect some implementations, or something like 
that.

I did not attempt to verify the test vectors.

-Ben
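The CBC-CS3 block layout behind the cipherstate question raised above, as an added example that is not part of the original message or of the draft. The block cipher is a stand-in keyed permutation rather than AES (the layout argument does not depend on the cipher), and all function names and sample inputs are constructed here.

```python
BLOCK = 16  # AES block size in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stand_in_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Placeholder keyed permutation, NOT AES: xor with key, rotate one byte.
    Any bijection on 16-byte blocks gives the same CS3 layout conclusions."""
    t = xor(block, key)
    return t[1:] + t[:1]


def cbc_cs3_encrypt(key: bytes, iv: bytes, pt: bytes) -> tuple[bytes, bytes]:
    """CBC with ciphertext stealing, CS3 variant (last two blocks always
    swapped). Returns (C, C_n) where C_n is the final CBC chaining block,
    i.e. the natural cipher state for the next operation."""
    assert len(pt) >= BLOCK, "CTS needs at least one full block"
    padded = pt + b"\x00" * (-len(pt) % BLOCK)  # zero-fill for the CBC pass
    blocks, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = stand_in_block_encrypt(key, xor(padded[i:i + BLOCK], prev))
        blocks.append(prev)
    c_n = blocks[-1]
    if len(blocks) == 1:
        return c_n, c_n
    tail = len(pt) % BLOCK or BLOCK  # bytes of the last plaintext piece
    # CS3 output: C_1 .. C_{n-2}, then C_n, then C_{n-1} truncated to tail
    return b"".join(blocks[:-2]) + c_n + blocks[-2][:tail], c_n


def candidate_cipherstates(C: bytes) -> dict:
    """The readings of 'next-to-last 128-bit block of C'. On a block
    boundary there is one; otherwise either the last full block or the
    next-to-last full block could be meant."""
    full, at = len(C) // BLOCK, lambda k: C[k * BLOCK:(k + 1) * BLOCK]
    if len(C) % BLOCK == 0:
        return {"next_to_last_block": at(full - 2) if full >= 2 else None}
    return {"last_full_block": at(full - 1),
            "next_to_last_full_block": at(full - 2) if full >= 2 else None}


# Constructed sample inputs: 40-byte (partial tail) and 48-byte (aligned) plaintexts.
KEY, IV = bytes(range(16)), bytes(16)
PT_PARTIAL = b"A" * 16 + b"B" * 16 + b"C" * 8
PT_ALIGNED = b"A" * 16 + b"B" * 16 + b"C" * 16
```

Only the "last full block" reading returns C_n in the partial-block case, which is the reading the message identifies as the intended one.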