Re: [kitten] [EXTERNAL] Re: Question about AES mode in Kerberos
"Steve Syfuhs (AP)" <Steve.Syfuhs@microsoft.com> Tue, 03 January 2023 20:09 UTC
Return-Path: <Steve.Syfuhs@microsoft.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5446BC14F749 for <kitten@ietfa.amsl.com>; Tue, 3 Jan 2023 12:09:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MUzrO5o-81a1 for <kitten@ietfa.amsl.com>; Tue, 3 Jan 2023 12:09:40 -0800 (PST)
Received: from CO1PR02CU001-vft-obe.outbound.protection.outlook.com (mail-westus2azon11021026.outbound.protection.outlook.com [52.101.47.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E58B1C14F613 for <kitten@ietf.org>; Tue, 3 Jan 2023 12:09:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TTGQLhrhJ94JENlqTUhCz6lAQ9k61IwVQgHqgUtONB6kYC8EPob+CzGjKYqCyPr0jk5juzd/6SdX7/j4o2VX3nHC38w57YQy4pvH9j2ae1/S/PNOpOWAMkQihKOV/NjJ+yH92dWSGuuO44edt7aGNRDCK5mPuBGzj26Sj1lFSQJXypbXJkRqUmmX+dNeuz6O0d9ks/bsLgdLe2/84y1Wt8+VLrzVVyCTYCiZqBaZRm12leBhTKJ+xXkuKvivP+Th/aHolzau960qAeBsO+k5mfOSmVNBVznt+UWVTA8EvxUvFKvsZ2xTos2hpquRTkL643ySbN/2iW/EdxU2HQfW3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RHo1n9CpWAh6wqQ4DwJlBLowK8ilFq2qHAUw1e9YYw0=; b=CjC92eTnLb9LssXShvXa9hl0yiQRYySH30zbDF6TOTNNi12zM/J+r7jg+34KaB2DT7+ScrLAPdODf9ywElcMyUbEv9LkqgxKlmTaQFqGORj4H6CdLMlec08R2YOatyFLPre2+hSKT8gddytXJOaBVbJ24QU8V1synZXZhO/7nFt8f2hgLs7IZTPXWkRj2I66IA6/VJbSCmRt6JgwJw1qR59x7Wj00EPYpAznxiTYQgOgO6d13NpjSGjK+pUDRFChHERs2vZr6VaQ8LAZHivY06RiZ7tYRQ7AvsMDggyCSITksEQIq4ISpVPdXZQta4wpkrmy6RHJtiAm92D/AG36OA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RHo1n9CpWAh6wqQ4DwJlBLowK8ilFq2qHAUw1e9YYw0=; b=VaROU2F5xvSyXqy4+XbP0JRygFLjUHn1uNS2oN3zWJkI2EKa22PVyia7HeBxzAudwzfo2CP9OpmqetEE6/yeqWBWCU1wI7SgMVaRLJ4Jm1RuFpwbTQey/r+s2cTUh7CuG+uEBRps23k3YMtUQC2bHPug55qsxTXDofu1EQoJVSk=
Received: from MW4PR21MB1970.namprd21.prod.outlook.com (2603:10b6:303:70::14) by MN0PR21MB3169.namprd21.prod.outlook.com (2603:10b6:208:379::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.4; Tue, 3 Jan 2023 20:09:36 +0000
Received: from MW4PR21MB1970.namprd21.prod.outlook.com ([fe80::2f06:bfdf:f6d5:598]) by MW4PR21MB1970.namprd21.prod.outlook.com ([fe80::2f06:bfdf:f6d5:598%6]) with mapi id 15.20.6002.005; Tue, 3 Jan 2023 20:09:36 +0000
From: "Steve Syfuhs (AP)" <Steve.Syfuhs@microsoft.com>
To: Jeffrey Altman <jaltman@secure-endpoints.com>, "Olga Kornievskaia (aglo@umich.edu)" <aglo@umich.edu>
CC: "kitten@ietf.org" <kitten@ietf.org>
Thread-Topic: [EXTERNAL] Re: [kitten] Question about AES mode in Kerberos
Thread-Index: AQHZH6cY0w/TrDbbDUuSwXEuVltS866NGhuAgAADMYCAAAGwSQ==
Date: Tue, 03 Jan 2023 20:09:36 +0000
Message-ID: <MW4PR21MB1970A436FA5DF2E76F815DFC9CF49@MW4PR21MB1970.namprd21.prod.outlook.com>
References: <CAN-5tyGGJXoo9RfKEGTsk8XeQDpZ--VSnO7nunzvnBBzrRB0WQ@mail.gmail.com> <558f31de-7fac-26c7-fe81-8e486968f0ef@secure-endpoints.com> <CAN-5tyGMpwTCpo9cm25RuB4n8moOoiU35PrE4HRK+Yini=Lp8A@mail.gmail.com> <912e61a5-192c-626f-0a36-7001b567c212@secure-endpoints.com>
In-Reply-To: <912e61a5-192c-626f-0a36-7001b567c212@secure-endpoints.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-01-03T20:08:28.9618931Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR21MB1970:EE_|MN0PR21MB3169:EE_
x-ms-office365-filtering-correlation-id: f35ea6dd-cf6b-48c5-6481-08daedc66fdc
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6jQInjHaXW1ZQb81RuqZKZD9LfvjEBY7kPqNud/kh2CCtHdSUbiUhvYfSgG7yjAN0p3kXltiqXXGwI71UpgqhyJltwuYx+R8IoPNzY1dikJtQBV4ofL/vm0/tBOqq2Og3yCZSusgy49FHeA2VQSkuQSSxzz+Z2fLUKxED8KTDekgjln2uaw9faqwK3T1qQ29egdy+MxAjSkeaH3/2C9w+OYrGAj7/fCccVZAB1Zzl/u29UVkao5OwLnlakw4KYELVNHG4MChvesxoo+ceBbaDsuW0yBv03vpwbLg8UnjiG/MGIKGPYPkSYzAAkkWTfNJlGJvWOjeXCnIs0dJuPAY/fRzia7kBzvgsodo+xqbzamzJZ5dNNKPOBGKldZQYT+vAlTEAGnBEIzO6kimYS45FRVDVfh9YX6f/JPijLbhVHgNacAW4u+EP60K+2ZCemYs0A6wZUqfrYjSyOG6f2HOl1YB629jernAFNSUK+GwIct8pDfNQmGj814X3pnXpbVcm/G/m1a+be/+ev9Q75zonWMSmzzHXFR0EwNOcP4VjcwFu5rXkElGcbmIkPRQDc0DjC+0o/+aKLn/mzXKOJIIsnlhPZJigDZW7H6zSJY0TJ8qL9UwsVPsC4GOAvJHxyr9NY3E1VYn+ARPgmbmHdRVov9y8qqh2KLqkgoIQm+7Ozykb8PKxswmdM6sASHyL61VQD8OKQ5CusJFDMnnD/AnANsvGzwJafjTeFxJifSPaXOhulUDjDIcUq66aqDJEpP+MTUuXTXQaY3q9VQ+i9QgwQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW4PR21MB1970.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(396003)(39860400002)(346002)(366004)(136003)(376002)(451199015)(55016003)(33656002)(41300700001)(76116006)(4326008)(66446008)(64756008)(66556008)(8676002)(66946007)(66476007)(5660300002)(83380400001)(52536014)(110136005)(8936002)(7696005)(478600001)(26005)(71200400001)(186003)(53546011)(6506007)(966005)(9686003)(10290500003)(166002)(316002)(86362001)(82960400001)(38070700005)(82950400001)(8990500004)(2906002)(122000001)(38100700002)(22166006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 1KPouIQZH+sQhHP8ffX1Az4TD+IDFJXq93uxRXWnN0RW9zgc1EYu9K7JyM+L1SFNJwsTe4XJnEWGgB/09mO5l/X5pDD7eeFmhoqYsadnXqtU1vJlA5+tE5qmkmVOdb6DuaYJ/uwV5ylB7f7JkWz61NeQ+zBsrMiX+b7vAekjy2Iv6okyEnfCm7Xt5lirxw2MZnkY1R3C8wJSgaWN1P2OSwL4bLMd+D1VTO5/TVCdMWshuP9FMRKEtlnGVRmhkNvAT324aIbebBL1Ez7iu0qVR35R0qXU05S6Xv9KAb10huB8WJPV5qcnIP+nqjH382c0dzvP3c09hLRijQed4/a344LTAWBwZx/AEQlL+oZwbYeCRKOH6weijTCodLB3AbewXPwpejVBM4/RaWNaxv7r/fnw+ySIF0lOzqieof0b0HZmpfgHBqI3vNWQYk7bYBXTFsY1wokos9iMWHo0cIruPc1KYYVy5CfvLihdjX3sG+aSFJHL1WUnA560bK9DhT8pP4CeibaqCUYOD/BRjcqSLLh2psY/PhIdp3wvCrHcIPbViM3UP7+986GWagko5Z8Lo6/ZxYK72CzmVOMwz1dB8u7Sz18dFXplyrWra1mhT12KKwD5+PET3COvwn9mBtjH0Or7SANg1TVOnU32g7QG98s0MN1kk1LyB7i+e3OszNSYbJHw0zFHyrEQnY0mlpFDTXF0Db9oqyZH684O6uSGDRudRI5wdYAEPTrcpfygrclUK6UJki0hI9+FeeT4a+d0OqnEr1xNdsHduZA+sGZuOfl2zjgfZJ8GqJlfBlr2xFftOrUUjyoSemph9XylBbudghTdrER7ES1jKoWOstcwAvlXxf1wZ+lJiVAOBw4Zu11ZQ+kG8P03/0CbLw7783Jv9yUlTbYPeKK/KITeJh5eOV/S798ihfE2GjL3AhSdyRD18q8jsoylEVSIs8Dndp+qY7avV09rvWIsKvhV3rPXaFMfbx2aV1GrJbfweBRNEpNr2oVKHD50OCz6uVwJmQvdVTRZG9mEmJQo1I/FY5O1/N/iFws4ckDwAd+MNtxSzswdzSRdBSorxBO13n/+AHl+phPCh7+vF9xYFv8RtFrqZKWmp36T04XtW+2Qd5Bkw3apO5cX+RZOzCdeGxpz0rPya2q4rxjZ/PlvSvSS0VEfLvJtxOipEltUjKQZYDVg025EBR0fGQT0nRIzPNJFnaPDRQkteII2QQwVEM8WMi2VLbJFtgJ9Yg7WhaLwy3d9EGaLxjZ+NKzv7/p3NSlud8PGaxxga2nUN/GHEKln4z1aQoYZm4aNw1FHTZ3UaVQQ+DygwvtBbiE9IBe7ApiK17XFiZRbKwFqYKEizZJ4/6UB1U7Xc4yRHvREHKMNvrrpN8WfONxYK7ejDQvo4rv7WSkfP0up8aDLX/EnWJeR1RAsTlKd814ginEL8MFtaxHGx8GobYO8QE6ibg+zRNfqsX5pAPw46LzVt+qA7uT+Kkcq3wz1fPXy2S3j/LkGCxhHcqSwKOYwUfwU9OHHixvInW7Xv7GxCcgg8TdZp5b5w8oQhITK2G8SaCefEbdOI+FRcFifoIkME4WNwC9YxblvgBGsQdJGmHgJh+PGJBnw1Z5UXQ==
Content-Type: multipart/alternative; boundary="_000_MW4PR21MB1970A436FA5DF2E76F815DFC9CF49MW4PR21MB1970namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR21MB1970.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f35ea6dd-cf6b-48c5-6481-08daedc66fdc
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jan 2023 20:09:36.2056 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 0QJCuKD/jvBKmvkG1/EOpC1SavSC9GH5kzHjVki8ZZJND4CrV6z/UWHyufCYGHVoBhInPygpqRfv75BAGamz2Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR21MB3169
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/rzT2fXp6KxuJkVNoSsTcGJ4a2pA>
Subject: Re: [kitten] [EXTERNAL] Re: Question about AES mode in Kerberos
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2023 20:09:42 -0000
CTS is also "just" CBC with a bit of futzing of the first and last block, so hardware acceleration is supported on most devices. ________________________________ From: Kitten <kitten-bounces@ietf.org> on behalf of Jeffrey Altman <jaltman@secure-endpoints.com> Sent: Tuesday, January 3, 2023 12:02:27 PM To: Olga Kornievskaia (aglo@umich.edu) <aglo@umich.edu> Cc: kitten@ietf.org <kitten@ietf.org> Subject: [EXTERNAL] Re: [kitten] Question about AES mode in Kerberos [Some people who received this message don't often get email from jaltman@secure-endpoints.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] On 1/3/2023 2:51 PM, Olga Kornievskaia (aglo@umich.edu) wrote: > > Thank you for the clarification. Now I understand the GCM's unspoken > role in RFC 3961. But I still feel wanting some sort of an explanation > why CTS mode was chosen over GCM (by the working group as a whole). Simple answer. The initial draft of what would become RFC3962 was published five years before Galois/Counter Mode (GCM) was invented. Jeffrey Altman
- [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Jeffrey Altman
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Jeffrey Altman
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Paul Miller (NT)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Olga Kornievskaia
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Ken Hornstein
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Greg Hudson
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Greg Hudson
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata