Re: [quicwg/base-drafts] Encrypting Retry token (#3274)

MikkelFJ <> Mon, 09 December 2019 21:52 UTC

Date: Mon, 09 Dec 2019 13:52:20 -0800
From: MikkelFJ <>
Message-ID: <quicwg/base-drafts/issues/3274/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Encrypting Retry token (#3274)

I don't think you can avoid AES for GMAC, at least not if both endpoints are to verify the MAC. This is because GCM first receives a "master" key, which it then splits into two keys, one for encryption and one for GHASH. This key split is done with an AES operation. So unless both endpoints agree on the GHASH key directly, you need to use AES to derive the GHASH key.
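To make the AES dependency concrete, here is a Go example added for this page (not code from the thread or from any QUIC implementation) that computes a GMAC tag by hand over constructed inputs and checks it against crypto/cipher's AES-GCM: the GHASH subkey H is AES_K(0^128), and the tag is the GHASH output XORed with AES_K(J0). The key, nonce and "token" bytes are constructed sample values.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// gfMul multiplies x by y in GCM's GF(2^128) (SP 800-38D, Algorithm 1). Blocks are two
// big-endian uint64 halves, so bit 0 of the field element is the top bit of x[0].
func gfMul(x, y [2]uint64) (z [2]uint64) {
	for i := 0; i < 128; i++ {
		m := -(x[i/64] >> (63 - uint(i%64)) & 1) // all ones when bit i of x is set
		z[0], z[1] = z[0]^y[0]&m, z[1]^y[1]&m
		r := (y[1] & 1) * (0xe1 << 56) // reduce by x^128+x^7+x^2+x+1 when a bit shifts out
		y[0], y[1] = y[0]>>1^r, y[1]>>1|y[0]<<63
	}
	return z
}
// gmacTag builds a GMAC tag (no plaintext, AAD only) by hand so both AES calls are visible:
// H = AES_K(0^128) is the GHASH subkey; AES_K(J0), J0 = nonce || 0x00000001, masks the GHASH output.
func gmacTag(key, nonce, aad []byte) []byte {
	block, _ := aes.NewCipher(key) // only fails on a bad key length; constructed inputs use 16 bytes
	var hb, j0 [16]byte
	block.Encrypt(hb[:], hb[:]) // hb starts as the zero block, so this yields H
	h := [2]uint64{binary.BigEndian.Uint64(hb[:8]), binary.BigEndian.Uint64(hb[8:])}
	// GHASH input: AAD zero-padded to a block boundary, then len(A) || len(C) in bits (C empty).
	buf := append(append([]byte{}, aad...), make([]byte, (16-len(aad)%16)%16+16)...)
	binary.BigEndian.PutUint64(buf[len(buf)-16:], uint64(len(aad))*8)
	var y [2]uint64
	for i := 0; i < len(buf); i += 16 {
		y = gfMul([2]uint64{y[0] ^ binary.BigEndian.Uint64(buf[i:]), y[1] ^ binary.BigEndian.Uint64(buf[i+8:])}, h)
	}
	copy(j0[:], nonce)
	j0[15] = 1
	block.Encrypt(j0[:], j0[:]) // tag mask AES_K(J0), computed in place
	binary.BigEndian.PutUint64(j0[:8], y[0]^binary.BigEndian.Uint64(j0[:8]))
	binary.BigEndian.PutUint64(j0[8:], y[1]^binary.BigEndian.Uint64(j0[8:]))
	return j0[:]
}
// stdlibTag is what crypto/cipher's AES-GCM produces for the same inputs and no plaintext.
func stdlibTag(key, nonce, aad []byte) []byte {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Seal(nil, nonce, nil, aad)
}
func main() {
	key, nonce, aad := []byte("0123456789abcdef"), []byte("ABCDEFGHIJKL"), []byte("token") // constructed
	fmt.Printf("manual=%x stdlib=%x\n", gmacTag(key, nonce, aad), stdlibTag(key, nonce, aad))
}
```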
