RE: Comments on draft-ietf-kitten-krb5-gssapi-prf-03.txt

"Blumenthal, Uri" <uri.blumenthal@intel.com> Mon, 23 May 2005 22:13 UTC

From: "Blumenthal, Uri" <uri.blumenthal@intel.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Cc: kitten@ietf.org, Ken Raeburn <raeburn@MIT.EDU>

Darn... You start giving advice, and now they demand the actual text
from you! Next you know they'll ask for an implementation! :-)

How about:

Pseudorandom functions by their nature are capable of producing only
a limited amount of cryptographically secure output. The exact amount of
output that one can safely use, unfortunately, varies from one PRF to
another (which prevents us from recommending specific numbers). Because
of this, we recommend that, unless you really know what you are doing
(i.e. you are a cryptographer and are qualified to pass judgement on
cryptographic functions in areas of period, presence of short cycles,
etc.), you limit the amount of the PRF output to the necessary minimum.

Don't forget to edit my English! :-)


-----Original Message-----
From: Nicolas Williams [mailto:Nicolas.Williams@sun.com] 
Sent: Monday, May 23, 2005 5:16 PM
To: Blumenthal, Uri
Cc: Ken Raeburn; kitten@ietf.org
Subject: Re: Comments on draft-ietf-kitten-krb5-gssapi-prf-03.txt

On Mon, May 23, 2005 at 05:11:01PM -0400, Blumenthal, Uri wrote:
> IMHO if a PRF can handle only a dozen or so calls - it's so
> cryptographically weak that it doesn't belong anyway. It should suffice
> for us to mention the reason why the user may want to limit the amount
> of PRF output.
> 
> I don't think a good PRF would leak any material except for when its
> period is reached (a good PRF won't have short cycles either).
> 
> So we can drop giving concrete numbers (after all, if we don't know the
> underlying crypto - we can't tell how many bits the resulting PRF can
> safely output), but just say that because of <a>, <b> and <c> the user
> should take care and limit the number of PRF invocations/output bits.
> 
> Does this make sense?

Ok.  Text please?

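The remark about period and short cycles, illustrated on a deliberately tiny generator run in feedback mode (an added example, not part of this thread or of the draft). The 16-bit state, the key and the names `step`, `find_cycle` and `usable_blocks` are constructed for illustration; once the state repeats, every later output block is already known from earlier ones.

```python
import hashlib

STATE_BITS = 16  # constructed toy size so the cycle is found instantly


def step(state: int, key: bytes) -> int:
    """One feedback step: next state = SHA-256(key || state), truncated."""
    digest = hashlib.sha256(key + state.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - STATE_BITS)


def find_cycle(key: bytes, seed: int):
    """Brent's cycle detection: return (mu, lam) = (tail length, period)."""
    power = lam = 1
    tortoise, hare = seed, step(seed, key)
    while tortoise != hare:
        if power == lam:          # start a new power-of-two search window
            tortoise, power, lam = hare, power * 2, 0
        hare = step(hare, key)
        lam += 1
    # Locate the first state that lies on the cycle.
    tortoise = hare = seed
    for _ in range(lam):
        hare = step(hare, key)
    mu = 0
    while tortoise != hare:
        tortoise, hare = step(tortoise, key), step(hare, key)
        mu += 1
    return mu, lam


def usable_blocks(key: bytes, seed: int) -> int:
    """Number of distinct states (output blocks) before the stream repeats."""
    mu, lam = find_cycle(key, seed)
    return mu + lam


if __name__ == "__main__":
    key = b"constructed-key"      # sample key, constructed for this example
    mu, lam = find_cycle(key, 0)
    print(f"tail={mu} period={lam} usable blocks={mu + lam} "
          f"of {2 ** STATE_BITS} possible states")
```

For a random-looking update over N states the stream typically repeats after on the order of sqrt(N) blocks, far fewer than N, which is one reason the safe output budget depends on the construction rather than on the state size alone.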