Re: Review of draft-zorn-radius-keywrap

"Dan Harkins" <dharkins@lounge.org> Sat, 18 December 2010 19:26 UTC


  Alan,

  I am not attempting to impress you, just to inform you. AES Key Wrap
was not "invented solely for this specification". It was developed by
NIST and published in November of 2001. It has widespread use and has
received cryptographic analysis. These statements are true whether the
draft makes mention of them or not.

  Dan.

On Sat, December 18, 2010 4:22 am, Alan DeKok wrote:
> Dan Harkins wrote:
>>   Neither AES Key Wrap nor (D)TLS are "signature methods". AES Key Wrap
>> is providing an integrity check and confidentiality only on a random
>> key.
>
>   The document contains a Message-Authentication-Code attribute, which
> is defined as:
>
>    This Attribute MAY be used to "sign" messages ...
>
>   The following text describes an "ad hoc" method for signing packets.
> It is not based on keywrap.
>
>   Perhaps you haven't read the document, or you didn't notice the pages
> of text talking about a new packet signature method?
>
>> This technique is now new; it's used in 802.11 (you should note that
>> the draft in question pre-dates the "guidelines" document).
>
>   I'm suitably impressed with this irrelevant fact.
>
>>   AES Key Wrap has received quite a bit of analysis. There is a very
>> good critique of it in "Deterministic Authenticated Encryption: A
>> Provable Security Treatment of the Key Wrap Problem" by Rogaway and
>> Shrimpton available at:
>>
>>             http://web.cecs.pdx.edu/~teshrim/keywrap.pdf
>
>   Which is not referenced anywhere in the document.
>
>   In fact, there is *no* reference in the document to any security
> analysis, origin, or history of the "keywrap" method.  The *only*
> reference to "keywrap" is in the document title.
>
>   Given the document *on its face*, the authors have given us every
> reason to believe that the cryptographic methods described in it were
> invented solely for this specification.
>
>   Alan DeKok.
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>


