Re: [tcpm] handling variable length keys in draft-lebovitz-ietf-tcpm-tcp-ao-crypto
"Polk, William T." <william.polk@nist.gov> Mon, 27 July 2009 06:45 UTC
Return-Path: <william.polk@nist.gov>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64B6D28C11B for <tcpm@core3.amsl.com>; Sun, 26 Jul 2009 23:45:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.779
X-Spam-Level:
X-Spam-Status: No, score=-6.779 tagged_above=-999 required=5 tests=[AWL=-0.180, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vavhXZlIyDAN for <tcpm@core3.amsl.com>; Sun, 26 Jul 2009 23:45:24 -0700 (PDT)
Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227]) by core3.amsl.com (Postfix) with ESMTP id 6183A28C10A for <tcpm@ietf.org>; Sun, 26 Jul 2009 23:45:24 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (wsxghub1.nist.gov [129.6.18.96]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id n6R6jHfU010864; Mon, 27 Jul 2009 02:45:17 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([2002:8106:1260::8106:1260]) with mapi; Mon, 27 Jul 2009 02:45:17 -0400
From: "Polk, William T." <william.polk@nist.gov>
To: Eric Rescorla <ekr@networkresonance.com>, "Gregory M. Lebovitz" <gregory.ietf@gmail.com>
Date: Mon, 27 Jul 2009 02:40:55 -0400
Thread-Topic: [tcpm] handling variable length keys in draft-lebovitz-ietf-tcpm-tcp-ao-crypto
Thread-Index: AcoOSAr8DJq7sEDlTDGDQCn2PGg96AAPSYP3
Message-ID: <D7A0423E5E193F40BE6E94126930C49307859925BA@MBCLUSTER.xchange.nist.gov>
References: <D7A0423E5E193F40BE6E94126930C49307859925B8@MBCLUSTER.xchange.nist.gov>, <20090726232624.B2E5050822@romeo.rtfm.com>
In-Reply-To: <20090726232624.B2E5050822@romeo.rtfm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: william.polk@nist.gov
X-Mailman-Approved-At: Mon, 27 Jul 2009 08:02:15 -0700
Cc: "Pasi.Eronen@nokia.com" <Pasi.Eronen@nokia.com>, "tcpm@ietf.org" <tcpm@ietf.org>, "mcgrew@cisco.com" <mcgrew@cisco.com>, "housley@vigilsec.com" <housley@vigilsec.com>
Subject: Re: [tcpm] handling variable length keys in draft-lebovitz-ietf-tcpm-tcp-ao-crypto
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2009 06:45:25 -0000
Ekr, Your objections on the magic number are well taken. Since zeroes would be a holdover from 4615 and 4434, that value won't introduce any new issues. I think that would be the best course of action. Tim ________________________________________ From: Eric Rescorla [ekr@networkresonance.com] Sent: Sunday, July 26, 2009 7:26 PM To: Gregory M. Lebovitz Cc: Polk, William T.; mcgrew@cisco.com; housley@vigilsec.com; tcpm@ietf.org; Pasi.Eronen@nokia.com Subject: Re: [tcpm] handling variable length keys in draft-lebovitz-ietf-tcpm-tcp-ao-crypto At Sun, 26 Jul 2009 12:43:37 -0700, Gregory M. Lebovitz wrote: > > Tim, > This is helpful, thanks. We will proceed toward WG LC with the > mechanism as represented in draft v-01. I'll be sending my comments on v-01 shortly, but I object to the magic number in the current mechanism. If we're going to use a magic key, it should be zero or some other anchor point. The use of a random number pulled out of the air is highly inappropriate in cryptographic systems [I refer you to the contrroversy over the DES S-boxes]. -Ekr > If later, after further discussions within the cryptographic > community, it is decided that the randomness extraction mechanism to > go from a variable-length user-given string to a 128-bit key would be > better accomplished some other way, then we can always do a quick > -bis on the RFC and update the mechanism. That's easy enough for a > small RFC like this. > Gregory. > > At 08:40 AM 7/26/2009, Polk, William T. wrote: > >Gregory, > > > >As requested, Pasi and I took a look at how > >draft-lebovitz-ietf-tcpm-tcp-ao-crypto > >handles the AES-CMAC case when the master key is not 128 bits. > > > >The method currently used (using AES-CMAC with a known fixed key as a > >"randomness extractor") is basically the same as used in IKEv2 (RFC > >4615 and 4434), except IKEv2 uses all-zeroes key (but the specific > >value of the known fixed key shouldn't matter much -- just pick one). > > > >Using the same method in TCP-AO would be acceptable us, and seems > >strongly preferable to requiring network admins to configure exactly > >128 bit keys. > > > >Other methods of getting from "what the admin configures" to 128 bits > >could work, too. Since the output of this step is *only* used as the > >key for further PRF calculations (and for *nothing* else), the > >requirements for it are very limited. If all keys were <= 128 bits, > >even something trivial such as padding with zeroes would work -- so > >this step doesn't even have to be one-way. Since we need to handle > >also keys >128 bits, simple padding isn't enough, of course. If the WG > >wants AES-only method, the one that's in the draft now seems OK to us. > > > >I hope this was helpful. > > > >Tim Polk > >Pasi Eronen > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] handling variable length keys in draft… Gregory M. Lebovitz
- Re: [tcpm] handling variable length keys in draft… Eric Rescorla
- Re: [tcpm] handling variable length keys in draft… Gregory M. Lebovitz
- [tcpm] handling variable length keys in draft-leb… Polk, William T.
- Re: [tcpm] handling variable length keys in draft… Polk, William T.
- Re: [tcpm] handling variable length keys in draft… Eric Rescorla