Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-08
Kenneth G Raeburn <raeburn@mit.edu> Tue, 19 January 2016 08:13 UTC
Return-Path: <raeburn@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96F7E1ACF04 for <kitten@ietfa.amsl.com>; Tue, 19 Jan 2016 00:13:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.802
X-Spam-Level:
X-Spam-Status: No, score=-2.802 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GsrgZgMhnMLO for <kitten@ietfa.amsl.com>; Tue, 19 Jan 2016 00:13:20 -0800 (PST)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 863CE1ACF03 for <kitten@ietf.org>; Tue, 19 Jan 2016 00:13:20 -0800 (PST)
X-AuditID: 12074423-f797f6d0000023d0-4e-569df01ec442
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 6C.A9.09168.F10FD965; Tue, 19 Jan 2016 03:13:19 -0500 (EST)
Received: from outgoing-exchange-3.mit.edu (outgoing-exchange-3.mit.edu [18.9.28.13]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id u0J8DIM8009594 for <kitten@ietf.org>; Tue, 19 Jan 2016 03:13:18 -0500
Received: from W92EXEDGE5.EXCHANGE.MIT.EDU (w92exedge5.exchange.mit.edu [18.7.73.22]) by outgoing-exchange-3.mit.edu (8.13.8/8.12.4) with ESMTP id u0J8DHrM026886 for <kitten@ietf.org>; Tue, 19 Jan 2016 03:13:18 -0500
Received: from W92EXHUB16.exchange.mit.edu (18.7.73.27) by W92EXEDGE5.EXCHANGE.MIT.EDU (18.7.73.22) with Microsoft SMTP Server (TLS) id 14.3.235.1; Tue, 19 Jan 2016 03:12:58 -0500
Received: from OC11EXPO27.exchange.mit.edu ([169.254.1.37]) by W92EXHUB16.exchange.mit.edu ([18.7.73.27]) with mapi id 14.03.0235.001; Tue, 19 Jan 2016 03:13:17 -0500
From: Kenneth G Raeburn <raeburn@mit.edu>
To: Benjamin J Kaduk <kaduk@mit.edu>
Thread-Topic: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-08
Thread-Index: AQHRSELUNi0DtbcvtESIytCshpO2pp8C5csA
Date: Tue, 19 Jan 2016 08:13:16 +0000
Message-ID: <41868462-74A2-4416-81D8-F63781AE1BCF@mit.edu>
References: <alpine.GSO.1.10.1601060014510.26829@multics.mit.edu>
In-Reply-To: <alpine.GSO.1.10.1601060014510.26829@multics.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.31.203.101]
Content-Type: text/plain; charset="utf-8"
Content-ID: <3A4C16401726A24886B401903FC1D570@exchange.mit.edu>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrPKsWRmVeSWpSXmKPExsUixCmqrSv/YW6YQdtXVoujm1exODB6LFny kymAMYrLJiU1J7MstUjfLoEro6N1FXPBI/GKi1d3sTYwThHvYuTgkBAwkdg8U7OLkRPIFJO4 cG89WxcjF4eQwGImiaOLd7BAONcYJVo3v2aEcO4wStyf9IoJwtnOKDH5/U9WkH4hgVWMEt/a 2EFsNgFNiY1/j4DZIgIqErvaz7OCrGMWUJfYuZsZJCws4CLx8eo/NpCwiICrxNe3qRDVRhKd Xz+DTWQRUJV4/PsyE4jNK2AlsfLgDCaITY4SX349ZASxOQWcJOY/W8cGYjMCffD91BqwGmYB cYlbT+YzQXwmKLFo9h5mmC//7XrIBmErSuw7tpAZ4jJNifW79CFa7SUutB5hhbAVJaZ0P2SH OEFQ4uTMJywTGKVmIdkwC6F7FpLuWUi6ZyHpXsDIuopRNiW3Sjc3MTOnODVZtzg5MS8vtUjX TC83s0QvNaV0EyMoXtldlHcw/jmodIhRgINRiYf3pePcMCHWxLLiytxDjJIcTEqivA5PgUJ8 SfkplRmJxRnxRaU5qcWHGCU4mJVEeIMeAuV4UxIrq1KL8mFS0hwsSuK8uzqAUgLpiSWp2amp BalFMFkZDg4lCV7W90BZwaLU9NSKtMycEoQ0EwcnyHAeoOH734EMLy5IzC3OTIfIn2JUlBLn 3QaSEABJZJTmwfWC0ym7p9grRnGgV4R5w0BW8ABTMVz3K6DBTECDf3rMBhlckoiQkmpg3HPk 28djJzz+37jyZ+nL0z/kpr5s0rybxdEukbHAMqnW9JLxGa4/O5xf7mZRuvvgytVDTXfDj26Z XsosNuVXJWfui0/6Hm+7z1raRyVNXZU9p+T37dj5UXdWy6ra/S4/sd5h5sf2Qo2n9xhXb286 1Xlmhkyt938RUf35RfNmsLrM//Sv7U/MQgslluKMREMt5qLiRABIbMVRggMAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/HaKL_nCwrXuskFFfhlKLULJHd4U>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-08
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2016 08:13:22 -0000
Aside from the stuff Greg brought up, which all looks pretty straightforward to address, the rest looks good to me. A couple minor things, which may or may not be worth doing anything about: Section 8: I think one can argue that the formulation using the fixed IV and random confounder is mathematically identical to using a random IV; it’s just expressed differently, for historical reasons. This document probably wouldn’t be the place for it, but I wonder if a formal write-up of equivalent (fully compatible) cryptosystems using a more standard approach (random IV, no confounder) and laying out the alternate formulation of all the messages (e.g., what do the checksums cover, and how does the “cipher state” fit in then?) would be a useful way to say, “Yes, see right here, these Kerberos cryptosystems really do conform to these specs; the historical formulation is just weird.” In fact, perhaps we should have reworked them for RFC 3961. But I digress… for this draft, what’s there is good, though I wonder if it’s straightforward enough to reassure a reader not sufficiently familiar with cryptography, or if they’ll just see “does not…comply” with NIST requirements. Granted, most people reading it will probably figure it out, if they care, but our audience isn’t exclusively cryptographers, it’s people wanting to understand and/or implement protocols. Section 8.1: It’d be easy enough to define an encoding to carry 128 random bits while being compatible with UTF-8; I don’t think it’s required that the 128 random bits be contiguous, is it? It’s good to note the issue, but this is one with an easy solution. “Some known issues…” is followed by a list of one protocol-related item. (I would read “Further… the following issues…” as introducing a second list, of implementation issues, not a continuation of the first list.) A list-of-one reads awkwardly; I’d suggest perhaps something like: … shall be randomly generated. The string-to-key function…valid UTF-8 strings, so a UTF-8 compatible encoding would be needed to encapsulate the 128+ random bits. However, using a salt containing a random portion may have… Ken
- [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-s… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Kenneth G Raeburn
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman