Re: [Sframe] "AES-GCM" with secure short tags
Martin Thomson <mt@lowentropy.net> Tue, 28 March 2023 02:23 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D3F5C151543 for <sframe@ietfa.amsl.com>; Mon, 27 Mar 2023 19:23:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="FNP0ztGR"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="OcK4Nc2w"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iX2Mg-B5BzPN for <sframe@ietfa.amsl.com>; Mon, 27 Mar 2023 19:23:53 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEB1AC14F749 for <sframe@ietf.org>; Mon, 27 Mar 2023 19:23:52 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id B0BB45C0075 for <sframe@ietf.org>; Mon, 27 Mar 2023 22:23:51 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute6.internal (MEProxy); Mon, 27 Mar 2023 22:23:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm3; t=1679970231; x=1680056631; bh=9W 0BkUsbwr7TJnWHVber9sicEC7b99BECFX2372bu+k=; b=FNP0ztGR5MsEFkiRCu tm1CI78FERGLzDXf7IPO1QGzMd8ZQP+C3c2vOVHgRBs5/2yzLaXqfdD47tLL67gA JPBAgoZNUte3FRyJ4WrFkTwsDAPtA+yZbFP9ZgGbpqHhC3el/r3m1c+/PUjyWz55 AEoOF5s16B2zRUNCb1i2n1UQz0zDRFj+CWANPApH8mAI8rnVh1hc1g2L26t3+KtC MUv0YgcVSydlxrwNQKgJNzOK/JCo2rUtXcHmNdu0cJQUNpGR62E1Ts6em6ow38V5 bsPO10/adAJp0yubVcQolV5SNA55yweGPGc7mE934fjHbfJii/nplMAuKFGZcezN bo3A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1679970231; x=1680056631; bh=9W0BkUsbwr7TJ nWHVber9sicEC7b99BECFX2372bu+k=; b=OcK4Nc2wAyMEIsKiitbv8EQ2Ky9dG n8ZqoI1vl0B/yNkpY3dQojWLzq3IWtEETb35nZWAaKBeDuUqxWQHFDUggPK6C7xb 8bWvmsghgwV0o4NcDRGJpQP3kgyMiHUJsHdmQitINOv85hh3CSZOZbmdQhvSOuzi QOWK3kLqmGrOHyZk0wVsKGnvIESPylu43HBmoAK5PhhBg2tLi+DunGII1TmEdNVx CJOylER1OnIGkwj+6rRpFS6WfLzBmZQRUPbuTYoFe3/AMf6tn7YUgqu/LThoKS14 hQtvMF3Xa+xMUvXCBbY7+Y/DtfhzyZ9ehXJGUTdsR6MDS1KcTQQyxovkA==
X-ME-Sender: <xms:t08iZOUlCSpztl6eZw6p0vgIxdGuJGGv4PxNId6dnA3yr1ZCeSyHAA> <xme:t08iZKn8AusqCoKspkiiSKW8uYIxe5kSRhs5bnrsOMvOMByy1EBmD_IhKZZlyACCx Rq5JSQIcl1o98gJ848>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvdehfedgieduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpefhiedttdeviefhjeejgf evfeeuudfggfekveekheeugeegleevkeevkedthfeuieenucffohhmrghinhepihgvthhf rdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:t08iZCbCcTAxnnzu8rJFZkplozuwwcZzkSAnHUVQKcVDMi6Ub7ePtA> <xmx:t08iZFU6yQh28tl4E1a-gzxWVhtC45XWDGm29kB58EXJAXcaLUs70w> <xmx:t08iZIn4tUBMHzkenJ8blsfz4120m2jrCk3EOJ_0ywS88v4zCbY65Q> <xmx:t08iZEyIIFuIcBY6GAeHOiYjiOKFDd3qwH4_8MMLIu-YUI2cQT3SsA>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 7275B23400A2; Mon, 27 Mar 2023 22:23:51 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-236-g06c0f70e43-fm-20230313.001-g06c0f70e
Mime-Version: 1.0
Message-Id: <583f0c05-3e7d-4355-8c2a-c1d5bc016a71@app.fastmail.com>
In-Reply-To: <GVXPR07MB96780E1B9E263079EA6FDAF7898B9@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <GVXPR07MB967868DFBBBE4EE9AB651B79898B9@GVXPR07MB9678.eurprd07.prod.outlook.com> <92D3C02C-AE3B-4E02-9AC0-82B5723F78CA@beurdouche.com> <GVXPR07MB96780E1B9E263079EA6FDAF7898B9@GVXPR07MB9678.eurprd07.prod.outlook.com>
Date: Tue, 28 Mar 2023 11:23:21 +0900
From: Martin Thomson <mt@lowentropy.net>
To: sframe@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/_Q9fHI6KILbAMDKW_a65itQb4ao>
Subject: Re: [Sframe] "AES-GCM" with secure short tags
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2023 02:23:57 -0000
Thanks John, Though SFrame (though maybe SRTP more so) would be a very good driver for this, but the CFRG is the right place to start. We're not chartered to document new cryptographic modes, though we might be willing to cheer from the sidelines. On Mon, Mar 27, 2023, at 18:15, John Mattsson wrote: > Benjamin Beurdouche wrote: >>Could you point us at the papers for these analysis please ? > > The ETSI SAGE documents are not public yet. As there seem to be > interest I will try to submit information (likely in draft form) to > CFRG as soon as possible. > > Richard Barnes wrote: >>I expect something truncatable would be of interest for a variety of media-encryption things (SRTP, SFrame, MoQ, et al.). Audio packets are small, numerous, and ephemeral, so on the one hand, they are very sensitive in percentage terms to crypto overhead, and on the other hand, you don't care a ton about forgery of any individual packet. > > Yes, that a good overview. I agree. > > John > > *From: *Benjamin Beurdouche <ietf@beurdouche.com> > *Date: *Monday, 27 March 2023 at 18:04 > *To: *John Mattsson <john.mattsson@ericsson.com> > *Cc: *sframe@ietf.org <sframe@ietf.org> > *Subject: *Re: [Sframe] "AES-GCM" with secure short tags > Hi John, > > >> Would SFRAME WG be interested in such an algorithm (AES-GCM with trucatable tags)? If so I could submit such a draft to to CFRG. ETSI SAGE has done quite a lot of security analysis on this. > > Could you point us at the papers for these analysis please ? > > Many thanks ! > Benjamin > -- > Sframe mailing list > Sframe@ietf.org > https://www.ietf.org/mailman/listinfo/sframe
- Re: [Sframe] "AES-GCM" with secure short tags Richard Barnes
- [Sframe] "AES-GCM" with secure short tags John Mattsson
- Re: [Sframe] "AES-GCM" with secure short tags Benjamin Beurdouche
- Re: [Sframe] "AES-GCM" with secure short tags John Mattsson
- Re: [Sframe] "AES-GCM" with secure short tags Martin Thomson