Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt

Greetings.

I agree that it could be useful to add a paragraph, containing the reasoning 
for this.

IMIT_GOST28147 is not an HMAC, it is basicly a form of GOST28147 cipher.
To be robust to attacks based on timing and EMI analysis, one symmetric key
should not  be used for large quantities of plaintext, so the key meshing 
algorithm
from draft-popov-cryptopro-cpalgs-04.txt is applied.

This "abberation" can be rephrased in a following way: MACed_data[seq_num]
is MACed, using the cipher state, produced by processing the previous 
record.

Good luck!

----- Original Message ----- 
From: "Dmitry Belyavsky" <beldmit@cryptocom.ru>
To: "Russ Housley" <housley@vigilsec.com>
Cc: <tls@ietf.org>
Sent: Tuesday, November 29, 2005 5:40 PM
Subject: Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt

> Greetings!
>
...
>
> What can you say about section 3.3 of draft-chudov-cryptopro-cptls-02.txt?
> It describes a non-reasoned aberration from RFC 2246:
>
> ====================
>   For all four cipher suites, the use of MAC is slighttly different
>   from the one, described in section 6.2.3.1 of [TLS].  In [TLS], MAC
>   is calculated from the following data:
>
>     MACed_data[seq_num] = seq_num +
>                           TLSCompressed.type +
>                           TLSCompressed.version +
>                           TLSCompressed.length +
>                           TLSCompressed.fragment;
>
>   These cipher suites use the same input for first record, but for each
>   next record the input from all previous records is concatenated:
>
>     MACed_data[0] + ... + MACed_data[n]
> ====================
>
>
> -- 
> SY, Dmitry Belyavsky (ICQ UIN 11116575)
>
>
> _______________________________________________
> TLS mailing list
> TLS@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/tls
> 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls