Re: [kitten] shepherd review of draft-aes-cts-hmac-sha2-09

Benjamin Kaduk <kaduk@MIT.EDU> Mon, 27 June 2016 21:41 UTC

Date: Mon, 27 Jun 2016 17:39:36 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Luke Howard <lukeh@padl.com>
In-Reply-To: <CE065B50-FEAA-4629-88E4-0DE74802146A@padl.com>
Message-ID: <alpine.GSO.1.10.1606271738370.18480@multics.mit.edu>
References: <alpine.GSO.1.10.1606261730110.18480@multics.mit.edu> <5596DB1C-B1AA-4C5B-94B6-3FA033B8161E@padl.com> <alpine.GSO.1.10.1606271001090.18480@multics.mit.edu> <CE065B50-FEAA-4629-88E4-0DE74802146A@padl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/5fGZHxMyRgVK7rAxFsYh73JaaAc>
Cc: "kitten@ietf.org" <kitten@ietf.org>, draft-ietf-kitten-aes-cts-hmac-sha2@tools.ietf.org
Subject: Re: [kitten] shepherd review of draft-aes-cts-hmac-sha2-09

On Mon, 27 Jun 2016, Luke Howard wrote:

> Our implementation assumes that the context is always empty and only the
> label is used. But it’s trivial to change if you update the draft to use
> the context for the PRF.

Yeah, I don't expect much trouble for implementations if this does change.
A big reason I'm inclined to treat the PRF input as context and not label
is that in some scenarios it can be attacker-controlled, so having the
forced separation from the prf prefix could be useful.

-Ben