Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-02

Simon Josefsson <simon@josefsson.org> Fri, 23 May 2014 08:42 UTC

Date: Fri, 23 May 2014 10:42:17 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Shawn M Emery <shawn.emery@oracle.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/7lT-NBy8QNS4oYl5ryiuP2hutMY
Cc: "kitten@ietf.org" <kitten@ietf.org>

You wrote:

> AES Encryption with HMAC-SHA2 for Kerberos 5
> http://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-02

I know this is a late generic comment, and I have vague memories that
this was already discussed.  But why are we standardizing separate
encrypt and MAC when everyone else is moving towards AEAD-based modes?
I don't see any discussion of this in the draft.  There are AEAD modes
with nicer properties wrt IV reuse, like SIV.  It seems unfortunate that
Kerberos lingers behind when several other protocols have already
specified AEAD modes.

I don't see any conflict between moving this draft forward, and working
on AEAD modes in parallel, so no objection from me.

/Simon