Re: Review of draft-zorn-radius-keywrap

Alan DeKok <aland@deployingradius.com> Sat, 18 December 2010 12:25 UTC

Message-ID: <4D0CA771.6080307@deployingradius.com>
Date: Sat, 18 Dec 2010 13:22:09 +0100
From: Alan DeKok <aland@deployingradius.com>
To: Dan Harkins <dharkins@lounge.org>
CC: 'radext mailing list' <radiusext@ops.ietf.org>
Subject: Re: Review of draft-zorn-radius-keywrap
References: <4D079C0D.5000608@deployingradius.com> <739c8ad72a2c6887ce2b0910c3a3b124.squirrel@www.trepanning.net>
In-Reply-To: <739c8ad72a2c6887ce2b0910c3a3b124.squirrel@www.trepanning.net>

Dan Harkins wrote:
>   Neither AES Key Wrap nor (D)TLS are "signature methods". AES Key Wrap
> is providing an integrity check and confidentiality only on a random key.

  The document contains a Message-Authentication-Code attribute, which
is defined as:

   This Attribute MAY be used to "sign" messages ...

  The following text describes an "ad hoc" method for signing packets.
It is not based on keywrap.

  Perhaps you haven't read the document, or you didn't notice the pages
of text talking about a new packet signature method?

> This technique is now new; it's used in 802.11 (you should note that
> the draft in question pre-dates the "guidelines" document).

  I'm suitably impressed with this irrelevant fact.

>   AES Key Wrap has received quite a bit of analysis. There is a very
> good critique of it in "Deterministic Authenticated Encryption: A
> Provable Security Treatment of the Key Wrap Problem" by Rogaway and
> Shrimpton available at:
> 
>             http://web.cecs.pdx.edu/~teshrim/keywrap.pdf

  Which is not referenced anywhere in the document.

  In fact, there is *no* reference in the document to any security
analysis, origin, or history of the "keywrap" method.  The *only*
reference to "keywrap" is in the document title.

  Given the document *on its face*, the authors have given us every
reason to believe that the cryptographic methods described in it were
invented solely for this specification.

  Alan DeKok.
