Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt

Dmitry Belyavsky <beldmit@cryptocom.ru> Wed, 30 November 2005 08:25 UTC

Date: Wed, 30 Nov 2005 11:26:43 +0300
From: Dmitry Belyavsky <beldmit@cryptocom.ru>
X-X-Sender: beldmit@manul.lan.cryptocom.ru
To: "Gregory S. Chudov" <chudov@cryptopro.ru>
Subject: Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt
In-Reply-To: <055101c5f50d$ab2b78a0$0644a8c0@cp.ru>
Message-ID: <Pine.LNX.4.62.0511301114490.29704@manul.lan.cryptocom.ru>
References: <20051128190250.C9E7622244D@laser.networkresonance.com><7.0.0.10.2.20051128144717.02c1fc78@vigilsec.com> <Pine.LNX.4.62.0511291734070.23219@manul.lan.cryptocom.ru> <055101c5f50d$ab2b78a0$0644a8c0@cp.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: "tls@ietf.org" <tls@ietf.org>

Greetings!

On Tue, 29 Nov 2005, Gregory S. Chudov wrote:

> I agree that it could be useful to add a paragraph, containing the reasoning
> for this.
>
> IMIT_GOST28147 is not an HMAC, it is basically a form of GOST28147 cipher.
> To be robust to attacks based on timing and EMI analysis, one symmetric key
> should not be used for large quantities of plaintext, so the key meshing
> algorithm from draft-popov-cryptopro-cpalgs-04.txt is applied.

Thank you, this paragraph provides enough information for me to understand
your design decision.

But section 2 of draft-chudov-cryptopro-cptls-02.txt proposes two
cipher suites with GOSTR3411-based MAC. Is key meshing applied
to these cipher suites too, or do they use the usual HMAC? And what is
the MACed data for them?

Thank you!

> This "aberration" can be rephrased in the following way: MACed_data[seq_num]
> is MACed, using the cipher state produced by processing the previous record.
>
> Good luck!
>
> ----- Original Message ----- From: "Dmitry Belyavsky" <beldmit@cryptocom.ru>
> To: "Russ Housley" <housley@vigilsec.com>
> Cc: <tls@ietf.org>
> Sent: Tuesday, November 29, 2005 5:40 PM
> Subject: Re: [TLS] WG interest in draft-chudov-cryptopro-cptls-02.txt
>
>
> > Greetings!
> >
> ...
> >
> > What can you say about section 3.3 of draft-chudov-cryptopro-cptls-02.txt?
> > It describes a non-reasoned aberration from RFC 2246:
> >
> > ====================
> >   For all four cipher suites, the use of MAC is slightly different
> >   from the one described in section 6.2.3.1 of [TLS].  In [TLS], MAC
> >   is calculated from the following data:
> >
> >     MACed_data[seq_num] = seq_num +
> >                           TLSCompressed.type +
> >                           TLSCompressed.version +
> >                           TLSCompressed.length +
> >                           TLSCompressed.fragment;
> >
> >   These cipher suites use the same input for first record, but for each
> >   next record the input from all previous records is concatenated:
> >
> >     MACed_data[0] + ... + MACed_data[n]
> > ====================

-- 
SY, Dmitry Belyavsky (ICQ UIN 11116575)
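The two MAC constructions under discussion, the per-record input of RFC 2246 section 6.2.3.1 and the chained input quoted from section 3.3 of the draft, side by side. This is an added example and is not code from the thread or from either CryptoPro draft. It assumes HMAC-SHA1 as a stand-in MAC (the open question in the thread is exactly which MAC the GOSTR3411 suites use, so nothing here models the GOST primitives or the key meshing), TLS 1.0 version bytes, and a constructed key and record fragments. Sequence numbers start at 0 for the first record, as in the draft's MACed_data[0].

```python
import hashlib
import hmac
import struct

# Constructed sample inputs for this example (not from the draft or the thread).
SAMPLE_KEY = b"constructed-example-mac-key"
SAMPLE_RECORDS = [b"record zero", b"record one", b"record two"]
CONTENT_TYPE_APPLICATION_DATA = 23
TLS_1_0 = (3, 1)


def maced_data(seq_num, content_type, version, fragment):
    """RFC 2246 section 6.2.3.1 MAC input for one record:
    seq_num (uint64) + type (uint8) + version (major, minor) +
    length (uint16) + fragment. All integers big-endian."""
    major, minor = version
    return (struct.pack(">Q", seq_num)
            + struct.pack(">B", content_type)
            + struct.pack(">BB", major, minor)
            + struct.pack(">H", len(fragment))
            + fragment)


def standard_macs(key, records, content_type=CONTENT_TYPE_APPLICATION_DATA,
                  version=TLS_1_0):
    """RFC 2246 behaviour: record n is MACed over its own MACed_data[n] only."""
    return [hmac.new(key, maced_data(n, content_type, version, frag),
                     hashlib.sha1).digest()
            for n, frag in enumerate(records)]


def chained_macs_by_concatenation(key, records,
                                  content_type=CONTENT_TYPE_APPLICATION_DATA,
                                  version=TLS_1_0):
    """Literal reading of draft section 3.3: the tag of record n is the MAC
    over MACed_data[0] + ... + MACed_data[n]. Buffers the whole history."""
    history = b""
    macs = []
    for n, frag in enumerate(records):
        history += maced_data(n, content_type, version, frag)
        macs.append(hmac.new(key, history, hashlib.sha1).digest())
    return macs


def chained_macs_by_state(key, records,
                          content_type=CONTENT_TYPE_APPLICATION_DATA,
                          version=TLS_1_0):
    """Chudov's rephrasing: MACed_data[n] is fed into the MAC state left by
    record n-1. No history is kept; the state is copied only to emit a tag,
    then continues. Produces the same tags as the concatenation form."""
    state = hmac.new(key, digestmod=hashlib.sha1)
    macs = []
    for n, frag in enumerate(records):
        state.update(maced_data(n, content_type, version, frag))
        macs.append(state.copy().digest())
    return macs


def record1_depends_on_record0(mac_fn, key=SAMPLE_KEY):
    """True if altering the fragment of record 0 changes the tag of record 1
    under mac_fn. Shows what the chaining buys: each tag binds the whole
    preceding transcript, not just the current record."""
    original = mac_fn(key, SAMPLE_RECORDS)
    altered = mac_fn(key, [b"altered zero"] + SAMPLE_RECORDS[1:])
    return original[1] != altered[1]


if __name__ == "__main__":
    std = standard_macs(SAMPLE_KEY, SAMPLE_RECORDS)
    chained = chained_macs_by_state(SAMPLE_KEY, SAMPLE_RECORDS)
    print("first record identical under both:", std[0] == chained[0])
    print("state form == concatenation form:",
          chained == chained_macs_by_concatenation(SAMPLE_KEY, SAMPLE_RECORDS))
    print("RFC 2246: record 1 depends on record 0:",
          record1_depends_on_record0(standard_macs))
    print("chained:  record 1 depends on record 0:",
          record1_depends_on_record0(chained_macs_by_state))
```

The state-carrying form and the concatenation form agree because an HMAC over `a + b` is exactly the HMAC state after `update(a)` then `update(b)`; that is why the draft's "concatenate all previous records" and Chudov's "use the state produced by the previous record" describe the same tags, with only the second being implementable without buffering. Whether the GOST MACs admit the same incremental treatment, and what their state consists of after key meshing, is the part the thread leaves open.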


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls