Re: [kitten] I-D Action: draft-ietf-kitten-aes-cts-hmac-sha2-05.txt
Simo Sorce <simo@redhat.com> Wed, 04 February 2015 07:48 UTC
Return-Path: <ssorce@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BD921A6F2D for <kitten@ietfa.amsl.com>; Tue, 3 Feb 2015 23:48:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u89qp7jY5Sch for <kitten@ietfa.amsl.com>; Tue, 3 Feb 2015 23:48:06 -0800 (PST)
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AA941A6F2B for <kitten@ietf.org>; Tue, 3 Feb 2015 23:48:05 -0800 (PST)
Received: from zmail17.collab.prod.int.phx2.redhat.com (zmail17.collab.prod.int.phx2.redhat.com [10.5.83.19]) by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id t147m2c8001747; Wed, 4 Feb 2015 02:48:02 -0500
Date: Wed, 04 Feb 2015 02:48:02 -0500
From: Simo Sorce <simo@redhat.com>
To: Michael Jenkins <m.jenkins.364706@gmail.com>
Message-ID: <1218923415.6402079.1423036082480.JavaMail.zimbra@redhat.com>
In-Reply-To: <CAC2=hnfg8g-3p+0FPnvcfWKB6bb5bOJWBD0-=uD9vHidTxXM9g@mail.gmail.com>
References: <20140923122546.30735.53089.idtracker@ietfa.amsl.com> <20140930141040.271b6205@willson.usersys.redhat.com> <CAC2=hncRCQoDMgAVunuqugDi1UozH+oWxZX-T5KgMFdXHmLXUA@mail.gmail.com> <alpine.GSO.1.10.1502031328390.22079@multics.mit.edu> <CAC2=hnfg8g-3p+0FPnvcfWKB6bb5bOJWBD0-=uD9vHidTxXM9g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.5.82.12]
X-Mailer: Zimbra 8.0.6_GA_5922 (ZimbraWebClient - FF35 (Linux)/8.0.6_GA_5922)
Thread-Topic: I-D Action: draft-ietf-kitten-aes-cts-hmac-sha2-05.txt
Thread-Index: Pb9YKLXVN3Tbk41bq78YWXsfmFslmQ==
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/apRsQdojNAEPBeexU4bmyQ2VybA>
Cc: kitten@ietf.org, mjjenki@tycho.ncsc.mil, Simo Sorce <simo@redhat.com>
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-aes-cts-hmac-sha2-05.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Feb 2015 07:48:08 -0000
----- Original Message ----- > From: "Michael Jenkins" <m.jenkins.364706@gmail.com> > To: "Benjamin Kaduk" <kaduk@mit.edu> > Cc: "Simo Sorce" <simo@redhat.com>, kitten@ietf.org, mjjenki@tycho.ncsc.mil > Sent: Tuesday, February 3, 2015 10:04:21 PM > Subject: Re: [kitten] I-D Action: draft-ietf-kitten-aes-cts-hmac-sha2-05.txt > > The "constrains its application" made more sense in the original (unposted) > version of this paragraph that explicitly mentioned Suite B, before I > convinced myself that it was unnecessary (that it can be left for the > informational Suite B document). While I don't think you'd have to be > running a Suite B complaint installation for this document to be useful, it > is fair to say that the choices of hash and encryption sizes are > constraints. I would prefer to eliminate the initial clause than try to > rewrite it. So, the paragraph would start with, "This document has been > written to be consistent..." > > As to the 192 bits of security, again this made more sense originally when > I had text about the Suite B 192-bit level of security. Perhaps a final > sentence, "Note that, as indicated by the enc-type name > "aes256-cts-hmac-sha384-192", the use of SHA-384 and AES-256 with a 192-bit > key provides only a 192-bit level of security." [There's a NIST special pub > under development (says their 2012 Annual Report) that talks about > what-you-get-from-what-you-used, but I'm not sure when it might be > available.] > > The resulting paragraph would read: > > This document has been written to be consistent with common implementations > of AES and SHA-2. The encryption and hash algorithm sizes have been chosen > to create a consistent level of protection, with consideration to > implementation efficiencies. So, for instance, SHA-384, which would > normally be matched to AES-192, is instead matched to AES-256 to leverage > the fact that there are efficient hardware implementations of AES-256. Note > that, as indicated by the enc-type name "aes256-cts-hmac-sha384-192", the > use of SHA-384 and AES-256 with a 192-bit key provides only a 192-bit level > of security. Michael, thank you for the explanation. I think this wording (and this archived discussion), is sufficient to clear most of my questions and gives enough hints to understand the logic behind these choices. Regards, Simo. > On Tue, Feb 3, 2015 at 1:35 PM, Benjamin Kaduk <kaduk@mit.edu> wrote: > > > On Mon, 2 Feb 2015, Michael Jenkins wrote: > > > > > the document than say "because Suite B". I propose that the following > > > paragraph be added to the Security Considerations section (8) to address > > > the entire document, rather than to litter the document with in-place > > > explanations: > > > > > > 8.2 Algorithm dimensions > > > > > > Although there is nothing in this document that constrains its > > application, > > > > It's not entirely clear what "constraints its application" is intended to > > mean here; I would prefer an alternate phrasing. > > > > > it has been written to be consistent with common implementations of AES > > and > > > SHA-2. The encryption and hash algorithm sizes have been chosen to > > create > > > a consistent level of protection, with consideration to implementation > > > efficiencies. So, for instance, SHA-384, which would normally be matched > > to > > > AES-192, is instead matched to AES-256 to leverage the fact that there > > are > > > efficient hardware implementations of AES-256. > > > > I wonder if there is a way to say that the combination of SHA-384 and > > AES-256 as used in this document "only has 192 bits of security" (to the > > extent that the concept of bits of security can even be defined). > > > > > Would this suffice? If so, I'll generate an -06 version and upload it in > > > time for Dallas. > > > > That would be fine for me, but let's give Simo some time to reply as well. > > > > -Ben > > > > > > -- > Mike Jenkins > mjjenki@tycho.ncsc.mil - if you want me to read it only at my desk > m.jenkins.364706@gmail.com - to read everywhere else > 443-634-3951 >
- [kitten] I-D Action: draft-ietf-kitten-aes-cts-hm… internet-drafts
- Re: [kitten] I-D Action: draft-ietf-kitten-aes-ct… Simo Sorce
- Re: [kitten] I-D Action: draft-ietf-kitten-aes-ct… Michael Jenkins
- Re: [kitten] I-D Action: draft-ietf-kitten-aes-ct… Benjamin Kaduk
- Re: [kitten] I-D Action: draft-ietf-kitten-aes-ct… Michael Jenkins
- Re: [kitten] I-D Action: draft-ietf-kitten-aes-ct… Simo Sorce