Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06

Jeffrey Altman <jaltman@secure-endpoints.com> Thu, 09 April 2015 19:07 UTC

Message-ID: <5526CDBA.3030102@secure-endpoints.com>
Date: Thu, 09 Apr 2015 15:06:34 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Organization: Secure Endpoints Inc.
To: Greg Hudson <ghudson@mit.edu>, Benjamin Kaduk <kaduk@mit.edu>
References: <alpine.GSO.1.10.1503301227280.22210@multics.mit.edu> <551D6C35.4080108@mit.edu> <alpine.GSO.1.10.1504081626110.22210@multics.mit.edu> <5525B044.8070509@mit.edu>
In-Reply-To: <5525B044.8070509@mit.edu>
OpenPGP: id=FA444AF197F449B24CF3E699F77A735592B69A04; url=http://pgp.mit.edu
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/lWMPDlTT6e3bd30Anu89oFSiHNs>
Cc: kitten@ietf.org
Subject: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06

Greg,

Thank you for performing this important review. The questions you have
raised are significant. Do we have independent review from trusted
cryptographers? I'm not one so will not try to review the math.

On 4/8/2015 6:48 PM, Greg Hudson wrote:
> On 04/08/2015 05:26 PM, Benjamin Kaduk wrote:
> 
>> Hmm.  I don't really want to propose removing test vectors to replace them
>> with new ones, but could we add some additional test vectors which do
>> possess the desired properties?  (I.e., that the Kc and Ki are listed in a
>> previous test vector from base key and usage, or that they are test
>> vectors starting from base key.)
> 
> I don't think there's anything precious about the currently listed test
> vectors.  If the draft authors possess the base keys they used for the
> encryption test vectors, they can provide them; otherwise they can
> generate new test vectors and we can discard the old ones.  Including
> encryption test vectors with missing base keys just seems frustrating to
> an implementor.
> 

My personal opinion is that the last call should not complete
successfully if it is not possible to verify all of the test vectors.

It would also be my preference that there be two interoperable
implementations before the working group approves the document.

Sincerely,

Jeffrey Altman