Re: [Ietf-krb-wg] Des and 3DES PRF: 16 or 8 bytes

Jeffrey Hutzelman <jhutz@cmu.edu> Fri, 01 May 2009 16:58 UTC

--On Thursday, April 30, 2009 04:25:09 PM -0400 Sam Hartman 
<hartmans-ietf@mit.edu> wrote:

>
>
> Folks, it was not clear in the discussion at IETF 74 whether we wanted
> to have the RFC 3961 PRF for 3DES change to be an 8-byte output or
> not.  Currently if you assume that the text says to truncate to the
> nearest multiple of m, then the 3DES PRF should be 16 bytes.

Hrm.  This goes directly back to the discussion of whether we want to 
truncate to the nearest multiple of the cipher block size, or to the block 
size itself.  I believe we've rather thoroughly had the discussion of the 
relative security merits of the two approaches, but we were rather focused 
on AES.

Now you are bringing up an interoperability issue relating to 3DES, which 
happens to be the only _other_ standardized simplified-profile CBC-mode 
enctype for which "truncate the output of H to the nearest multiple of m" 
does not mean the same thing as "truncate the output of H to c".  Of 
course, AFAIK it is also the only other standardized simplified-profile 
CBC-mode enctype, period.


I believe we have already come to the conclusion that "truncate to the 
nearest multiple of m" is the only reasonable interpretation of what 3961 
says, and so changing AES will involve updating 3961 and/or 3962.  Provided 
that we are satisfied that the 3961 behavior for 3DES is acceptable, or 
that the interop considerations are more important, I see no reason we 
cannot treat 3DES specially at that time, retaining the existing
truncate-to-128-bits behavior.


Of course, I don't think I've seen any discussion yet from the working 
group on the question Sam raised...

-- Jeff