Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-02
Greg Hudson <ghudson@MIT.EDU> Fri, 23 May 2014 15:26 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/oHUPteph_zO2QeYCWxsBkrmrDG0

On 05/23/2014 04:42 AM, Simon Josefsson wrote:
> I know this is a late generic comment, and I have vague memories that
> this was already discussed. But why are we standardizing separate
> encrypt and MAC when everyone else is moving towards AEAD-based modes?

We have spent a lot of time considering CCM and GCM. In the end, the uncoordinated nature of Kerberos key usage on long-term keys makes it too hard to pick nonces within the 128-bit space of an AES block with sufficient confidence that they won't be reused. Channel protocols such as TLS can assume state on either end of a connection, making it much easier to select nonces.

A Kerberos enctype could be specified which is intended only to be used with short-lived keys via RFC 4537 enctype negotiation, but there would have to be a significant practical advantage to justify that extra complexity.

> I don't see any discussion of this in the draft. There are AEAD modes
> with nicer properties wrt IV reuse, like SIV.

We have not considered SIV as no one has brought it up before (and in fact, I hadn't heard about it until now). Since a goal of this enctype is to hew as closely as possible to NIST-certified cryptography practices, I don't know that SIV would be an attractive option, but I will definitely read up on it.
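
An illustration of the nonce-selection problem discussed in the message above, added here and not part of the original message or of the draft: it bounds the chance of a repeated nonce when several holders of one long-term key pick nonces with no shared state. Assumptions: nonces are uniformly random, the 2^-32 ceiling is the reuse probability NIST SP 800-38D allows for GCM IVs, and all function names are hypothetical.

```python
import math
import random

def reuse_bound(n_messages: int, nonce_bits: int) -> float:
    """Union (birthday) bound on P[any nonce repeats] for n uniformly random nonces."""
    return min(1.0, n_messages * (n_messages - 1) / 2 ** (nonce_bits + 1))

def message_budget(nonce_bits: int, max_reuse_log2: int = -32) -> int:
    """Largest n with n(n-1)/2^(bits+1) <= 2^max_reuse_log2, in exact integer math."""
    exp = nonce_bits + 1 + max_reuse_log2
    if exp < 0:                      # space too small: only a single message is safe
        return 1
    limit = 2 ** exp                 # n(n-1) must stay <= limit
    n = (1 + math.isqrt(1 + 4 * limit)) // 2
    while n * (n - 1) > limit:       # defensive check at the boundary
        n -= 1
    return n

def simulate_uncoordinated(parties, msgs_each, nonce_bits, trials, seed=1):
    """Fraction of trials where stateless key holders repeat a random nonce.

    One seeded generator stands in for every party's independent draws
    (constructed experiment; a small nonce space makes collisions observable).
    """
    rng = random.Random(seed)
    total = parties * msgs_each
    hits = 0
    for _ in range(trials):
        seen = {rng.getrandbits(nonce_bits) for _ in range(total)}
        hits += len(seen) < total
    return hits / trials

def private_counters_collide(parties: int, msgs_each: int) -> bool:
    """Counter nonces need shared state: parties that each start at 0 overlap."""
    used = [n for _ in range(parties) for n in range(msgs_each)]
    return len(set(used)) < len(used)

if __name__ == "__main__":
    for bits in (96, 128):
        n = message_budget(bits)
        print(f"{bits}-bit random nonces: about 2^{math.log2(n):.1f} messages per key")
    print("bound, 128 msgs in a 16-bit space:", reuse_bound(128, 16))
    print("simulated:", simulate_uncoordinated(4, 32, 16, 2000))
    print("independent counters collide:", private_counters_collide(2, 3))
```

The budget applies to the total number of messages protected under one key by every party that holds it, which is the quantity that is hard to bound for a long-term Kerberos key.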