Re: [kitten] History of AES block size issues
Sam Hartman <hartmans-ietf@mit.edu> Thu, 15 August 2013 00:02 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8F6211E81BB for <kitten@ietfa.amsl.com>; Wed, 14 Aug 2013 17:02:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.572
X-Spam-Level:
X-Spam-Status: No, score=-102.572 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EKFLl+gRR2v9 for <kitten@ietfa.amsl.com>; Wed, 14 Aug 2013 17:02:47 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id E463A11E816E for <kitten@ietf.org>; Wed, 14 Aug 2013 17:02:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id EF90520280; Wed, 14 Aug 2013 20:01:34 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vxz4GIWK6y6h; Wed, 14 Aug 2013 20:01:33 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (c-98-216-0-82.hsd1.ma.comcast.net [98.216.0.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Wed, 14 Aug 2013 20:01:33 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 2A45F8052F; Wed, 14 Aug 2013 20:02:43 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Luke Howard <lukeh@padl.com>
References: <tslk3jodwgc.fsf@mit.edu> <5674376E76F88641AD3748A64F0996971AAB7DDE@TK5EX14MBXC285.redmond.corp.microsoft.com> <tslsiybaldd.fsf@mit.edu> <970B41DA-0AE6-4CC8-9DAB-A4049D8F0A44@padl.com>
Date: Wed, 14 Aug 2013 20:02:43 -0400
In-Reply-To: <970B41DA-0AE6-4CC8-9DAB-A4049D8F0A44@padl.com> (Luke Howard's message of "Thu, 15 Aug 2013 09:55:17 +1000")
Message-ID: <tslob8zakik.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: "kitten@ietf.org" <kitten@ietf.org>, Michiko Short <michikos@microsoft.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [kitten] History of AES block size issues
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2013 00:02:52 -0000
>>>>> "Luke" == Luke Howard <lukeh@padl.com> writes: >> If I send you a 9-octet message it's actually 16. If I send you >> a 16-octet message it's still 16 octets. Luke> Is it not 24 octets? Ah, that depends if you are talking RFC 3961 or RFC 1964. Under 3961 I think 16; under 1964 I think 24. >> Greg, am I right that if your application aligns to a block size >> then you'll actually end up expanding more so you can indicate no >> padding is needed? If so will DCE RPC be OK with that? Luke> I believe it's fine for the reasons I mentioned in my last Luke> mail: Luke> Note "trailer" here means DCE RPC auth trailer, containing the Luke> RFC 4121 "header" (which has the EC and checksum rotated into Luke> a single token) Luke> * DCE RPC always pads at the application layer, if this it to Luke> at least 16 bytes then we will have a constant length trailer Luke> (we need to investigate this) Yeah, although in the obvious implementation we'll have 16 octets of pad buffer. so you might have to modify DCE RPC to deal with that if it doesn't already, but I guess that's not a problem if you control both your DCE RPC and your GSS.
- [kitten] History of AES block size issues Sam Hartman
- Re: [kitten] History of AES block size issues Michiko Short
- Re: [kitten] History of AES block size issues Sam Hartman
- Re: [kitten] History of AES block size issues Luke Howard
- Re: [kitten] History of AES block size issues Sam Hartman
- Re: [kitten] History of AES block size issues Tom Yu