Re: [kitten] considering abandoning CTS mode (Re: I-D Action:draft-ietf-kitten-aes-cts-hmac-sha2-01.txt)

Sam Hartman <hartmans-ietf@mit.edu> Wed, 14 August 2013 16:21 UTC

>>>>> "Michiko" == Michiko Short <michikos@microsoft.com> writes:

    Michiko> Apologies for the late response, I have not been tracking
    Michiko> the crypto discussions on aes-cts-hmac-sha2, so I did not
    Michiko> realize a response was needed.  Since the issue which
    Michiko> requires the padding is caused by applications that do not
    Michiko> use the SSPI APIs correctly, this should not be a driver for
    Michiko> the new crypto. Windows SSPI functions exist for an
    Michiko> application to obtain the required lengths for use with the
    Michiko> in-place encryption functions. Performance and security
    Michiko> should be the drivers for selection of the new AES
    Michiko> algorithm. We do get a lot of feedback about perf.

So, when were the padding length functions introduced?
I seem to recall that MSDN used to say that the padding buffer would
never be greater than 8.
Am I misremembering?
Is that no longer a concern?