Re: [Sframe] [Moq] FW: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt

Christian Huitema <huitema@huitema.net> Sun, 07 May 2023 18:07 UTC

Message-ID: <343a4bf1-7a57-0084-5280-1556c9da4c36@huitema.net>
Date: Sun, 07 May 2023 11:06:59 -0700
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, IRTF CFRG <cfrg@irtf.org>, "sframe@ietf.org" <sframe@ietf.org>, "moq@ietf.org" <moq@ietf.org>
References: <168329718302.50127.18120629996969657@ietfa.amsl.com> <GVXPR07MB96781F20D284D7C999F7BBA789729@GVXPR07MB9678.eurprd07.prod.outlook.com>
From: Christian Huitema <huitema@huitema.net>
In-Reply-To: <GVXPR07MB96781F20D284D7C999F7BBA789729@GVXPR07MB9678.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/H0LVlyI5soU5PngF2ZgVZtBjxSE>
Subject: Re: [Sframe] [Moq] FW: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt

John,

You should probably send this to the QUIC list as well. Media over QUIC 
is just one application of QUIC. If the "short tags" can save per packet 
overhead while maintaining security properties, then they are 
interesting for many QUIC applications.

-- Christian Huitema

On 5/5/2023 7:45 AM, John Mattsson wrote:
> Hi,
> 
> We just submitted draft-mattsson-cfrg-aes-gcm-sst-00. Advanced Encryption Standard (AES) with Galois Counter Mode with Secure Short Tags (AES-GCM-SST) is very similar to AES-GCM but has short tags with forgery probabilities close to ideal. The changes to AES-GCM were suggested by Nyberg et al. in 2005 as a comment to NIST and are based on proven theoretical constructions.
> 
> AES-GCM performance with secure short tags has many applications, one of them being media encryption. Audio packets are small, numerous, and ephemeral, so on the one hand, they are very sensitive in percentage terms to crypto overhead, and on the other hand, forgery of individual packets is not a big concern.
> 
> Cheers,
> John
> 
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Date: Friday, 5 May 2023 at 16:33
> To: John Mattsson <john.mattsson@ericsson.com>, Alexander Maximov <alexander.maximov@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Matt Campagna <campagna@amazon.com>, Matthew Campagna <campagna@amazon.com>
> Subject: New Version Notification for draft-mattsson-cfrg-aes-gcm-sst-00.txt
> 
> A new version of I-D, draft-mattsson-cfrg-aes-gcm-sst-00.txt
> has been successfully submitted by John Preuß Mattsson and posted to the
> IETF repository.
> 
> Name:           draft-mattsson-cfrg-aes-gcm-sst
> Revision:       00
> Title:          Galois Counter Mode with Secure Short Tags (GCM-SST)
> Document date:  2023-05-05
> Group:          Individual Submission
> Pages:          16
> URL:            https://www.ietf.org/archive/id/draft-mattsson-cfrg-aes-gcm-sst-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-mattsson-cfrg-aes-gcm-sst/
> Html:           https://www.ietf.org/archive/id/draft-mattsson-cfrg-aes-gcm-sst-00.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-cfrg-aes-gcm-sst
> 
> 
> Abstract:
>     This document defines the Galois Counter Mode with Secure Short Tags
>     (GCM-SST) Authenticated Encryption with Associated Data (AEAD)
>     algorithm.  GCM-SST can be used with any keystream generator, not
>     just a block cipher.  The main differences compared to GCM [GCM] are
>     that GCM-SST uses an additional subkey Q, that fresh subkeys H and Q
>     are derived for each nonce, and that the POLYVAL function from AES-
>     GCM-SIV is used instead of GHASH.  This enables short tags with
>     forgery probabilities close to ideal.  This document also registers
>     several instances of Advanced Encryption Standard (AES) with Galois
>     Counter Mode with Secure Short Tags (AES-GCM-SST).
> 
>     This document is the product of the Crypto Forum Research Group.
> 
> The IETF Secretariat
> 
>
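
The abstract quoted above says GCM-SST replaces GHASH with the POLYVAL function from AES-GCM-SIV. The following is an added illustration of POLYVAL as specified in RFC 8452, written for this reply and not taken from the draft or its authors; it shows the field element encoding, the reduction polynomial and the x^-128 factor in dot() that distinguish POLYVAL from a plain GF(2^128) multiply.

```python
# Added illustration of POLYVAL (RFC 8452, AES-GCM-SIV), the universal hash the
# GCM-SST abstract says replaces GHASH.  Not code from the draft or its authors.
# Field: GF(2^128) with P(x) = x^128 + x^127 + x^126 + x^121 + 1; a 16-byte
# block is a little-endian integer whose bit i is the coefficient of x^i.
P_LOW = (1 << 127) | (1 << 126) | (1 << 121) | 1          # x^128 mod P(x)
X_INV = (1 << 127) | (1 << 126) | (1 << 125) | (1 << 120)  # x^-1 mod P(x)


def _clmul(a: int, b: int) -> int:
    """Carry-less product in GF(2)[x] of two polynomials of degree < 128."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def _reduce(c: int) -> int:
    """Reduce a product of degree < 256 modulo P(x), highest bit first."""
    for i in range(255, 127, -1):
        if (c >> i) & 1:
            # x^i = x^(i-128) * x^128 and x^128 = P_LOW (mod P), so swap them
            c ^= (1 << i) | (P_LOW << (i - 128))
    return c


def _div_x(v: int) -> int:
    """Multiply a field element by x^-1: v = v0 + x*w, so v/x = w + v0*x^-1."""
    w = v >> 1
    return w ^ X_INV if v & 1 else w


def dot(a: int, b: int) -> int:
    """RFC 8452 dot(a, b) = a * b * x^-128; the x^-128 factor is what
    distinguishes POLYVAL's multiply from a plain GF(2^128) product."""
    r = _reduce(_clmul(a, b))
    for _ in range(128):
        r = _div_x(r)
    return r


def polyval(h: bytes, *blocks: bytes) -> bytes:
    """POLYVAL(H, X_1..X_n): S_0 = 0, S_i = dot(S_{i-1} xor X_i, H); returns S_n."""
    hi = int.from_bytes(h, "little")
    s = 0
    for x in blocks:
        if len(x) != 16:
            raise ValueError("POLYVAL blocks must be exactly 16 bytes")
        s = dot(s ^ int.from_bytes(x, "little"), hi)
    return s.to_bytes(16, "little")
```

Because dot() carries the x^-128 factor, the multiplicative identity for dot() is x^128 mod P(x) (the constant P_LOW), not 1; hashing under that H reduces POLYVAL to an XOR of the blocks, which is a handy self-check for an implementation.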