Re: [tcpm] handling variable length keys in draft-lebovitz-ietf-tcpm-tcp-ao-crypto
"Gregory M. Lebovitz" <gregory.ietf@gmail.com> Sun, 26 July 2009 19:43 UTC
Return-Path: <gregory.ietf@gmail.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7FAF13A69C0 for <tcpm@core3.amsl.com>; Sun, 26 Jul 2009 12:43:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmAFxojjjG3q for <tcpm@core3.amsl.com>; Sun, 26 Jul 2009 12:43:49 -0700 (PDT)
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.27]) by core3.amsl.com (Postfix) with ESMTP id 77F693A6886 for <tcpm@ietf.org>; Sun, 26 Jul 2009 12:43:49 -0700 (PDT)
Received: by ey-out-2122.google.com with SMTP id 22so681668eye.31 for <tcpm@ietf.org>; Sun, 26 Jul 2009 12:43:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:x-mailer:date:to :from:subject:cc:in-reply-to:references:mime-version:content-type; bh=k3Zirwjy/W/WvFIMR0YXWDoiuph07Xl7VlgPvXI3xSc=; b=Py6QlrHxfyLYvr0D47JIvfIM1mbLMA3tKK1A3JX832IjYJYFWMgUDcfLtIT00VshVa EqDfst7AVyulSbveb5f01kqgqCiK3Q8if4WQy3fHkazFkMnqTwa2pm9Fredy1Uy/d+1h sRdgfofFFXhMlYc3/z4FG06YZE+yTB5DRtVcs=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:x-mailer:date:to:from:subject:cc:in-reply-to:references :mime-version:content-type; b=mHAjuRuDICHlEBQ4eIZ+stvORLFLs8ithd7tzIJLmMqZHrW9IcNt+q3laHAvYGQY0W Fr/q/6OhFC2jCOs8bLOOG6EdGjrqwOtmhl8u+yYfl6TvKkcxDyjabn9iUWwg1x9/mZw+ ui5B1Kjr65ooJotfkmqq5d7XmzLauVqjcEe/4=
Received: by 10.210.86.1 with SMTP id j1mr7249059ebb.61.1248637427864; Sun, 26 Jul 2009 12:43:47 -0700 (PDT)
Received: from Gregory-T60.gmail.com (host-78-64-88-46.homerun.telia.com [78.64.88.46]) by mx.google.com with ESMTPS id 5sm4238482eyf.4.2009.07.26.12.43.44 (version=SSLv3 cipher=RC4-MD5); Sun, 26 Jul 2009 12:43:46 -0700 (PDT)
Message-ID: <4a6cb1f2.0506d00a.33a2.18df@mx.google.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Sun, 26 Jul 2009 12:43:37 -0700
To: "Polk, William T." <william.polk@nist.gov>, "mcgrew@cisco.com" <mcgrew@cisco.com>
From: "Gregory M. Lebovitz" <gregory.ietf@gmail.com>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C49307859925B8@MBCLUSTER.xchan ge.nist.gov>
References: <D7A0423E5E193F40BE6E94126930C49307859925B8@MBCLUSTER.xchange.nist.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: "housley@vigilsec.com" <housley@vigilsec.com>, "tcpm@ietf.org" <tcpm@ietf.org>, "Pasi.Eronen@nokia.com" <Pasi.Eronen@nokia.com>
Subject: Re: [tcpm] handling variable length keys in draft-lebovitz-ietf-tcpm-tcp-ao-crypto
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jul 2009 19:43:50 -0000
Tim, This is helpful, thanks. We will proceed toward WG LC with the mechanism as represented in draft v-01. If later, after further discussions within the cryptographic community, it is decided that the randomness extraction mechanism to go from a variable-length user-given string to a 128-bit key would be better accomplished some other way, then we can always do a quick -bis on the RFC and update the mechanism. That's easy enough for a small RFC like this. Gregory. At 08:40 AM 7/26/2009, Polk, William T. wrote: >Gregory, > >As requested, Pasi and I took a look at how >draft-lebovitz-ietf-tcpm-tcp-ao-crypto >handles the AES-CMAC case when the master key is not 128 bits. > >The method currently used (using AES-CMAC with a known fixed key as a >"randomness extractor") is basically the same as used in IKEv2 (RFC >4615 and 4434), except IKEv2 uses all-zeroes key (but the specific >value of the known fixed key shouldn't matter much -- just pick one). > >Using the same method in TCP-AO would be acceptable us, and seems >strongly preferable to requiring network admins to configure exactly >128 bit keys. > >Other methods of getting from "what the admin configures" to 128 bits >could work, too. Since the output of this step is *only* used as the >key for further PRF calculations (and for *nothing* else), the >requirements for it are very limited. If all keys were <= 128 bits, >even something trivial such as padding with zeroes would work -- so >this step doesn't even have to be one-way. Since we need to handle >also keys >128 bits, simple padding isn't enough, of course. If the WG >wants AES-only method, the one that's in the draft now seems OK to us. > >I hope this was helpful. > >Tim Polk >Pasi Eronen
- Re: [tcpm] handling variable length keys in draft… Gregory M. Lebovitz
- Re: [tcpm] handling variable length keys in draft… Eric Rescorla
- Re: [tcpm] handling variable length keys in draft… Gregory M. Lebovitz
- [tcpm] handling variable length keys in draft-leb… Polk, William T.
- Re: [tcpm] handling variable length keys in draft… Polk, William T.
- Re: [tcpm] handling variable length keys in draft… Eric Rescorla