Re: [TLS] Last Call: <draft-kanno-tls-camellia-00.txt> (Additionx

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 09 March 2011 09:56 UTC

Return-Path: <pgut001@login01.cs.auckland.ac.nz>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6968A3A67C3; Wed, 9 Mar 2011 01:56:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.551
X-Spam-Level:
X-Spam-Status: No, score=-103.551 tagged_above=-999 required=5 tests=[AWL=0.048, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VU5KtXIgXc7W; Wed, 9 Mar 2011 01:56:24 -0800 (PST)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by core3.amsl.com (Postfix) with ESMTP id 006EF3A67A1; Wed, 9 Mar 2011 01:56:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1299664661; x=1331200661; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20ekr@rtfm.com,=20pgut001@cs.auckland.ac.nz|Subject: =20Re:=20[TLS]=20Last=20Call:=20<draft-kanno-tls-camellia -00.txt>=20(Additionx|Cc:=20ietf@ietf.org,=20mrex@sap.com ,=20tls@ietf.org|In-Reply-To:=20<AANLkTinvuvh_OBBzzNxTku0 RmZ8eibTmRQJvfdJW-Oyw@mail.gmail.com>|Message-Id:=20<E1Px G9B-0007K0-FK@login01.fos.auckland.ac.nz>|Date:=20Wed,=20 09=20Mar=202011=2022:57:37=20+1300; bh=TPF28jOsixDbIHDW2XdXrBMhlmzKNzKq5U5b/OZfxU4=; b=YZ57oYgyB/0smfhEfLVZCguzrduXEDeV1tL5ffZZOocwnv5hZrofNAHI Fpax0XYsx3jqw7RtANRhWQhTBtIC+hWIm3K6ijPiSc8OMsMD/EGSAhNCP TK1GgEvDd0SSDfZ0E5gc7QyPVtlqwGbGYjVEjJ5zo1gtAMx5AdWcigxkG E=;
X-IronPort-AV: E=Sophos;i="4.62,289,1296990000"; d="scan'208";a="50107916"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 09 Mar 2011 22:57:37 +1300
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1PxG9B-0002tm-Ho; Wed, 09 Mar 2011 22:57:37 +1300
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1PxG9B-0007K0-FK; Wed, 09 Mar 2011 22:57:37 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: ekr@rtfm.com, pgut001@cs.auckland.ac.nz
In-Reply-To: <AANLkTinvuvh_OBBzzNxTku0RmZ8eibTmRQJvfdJW-Oyw@mail.gmail.com>
Message-Id: <E1PxG9B-0007K0-FK@login01.fos.auckland.ac.nz>
Date: Wed, 09 Mar 2011 22:57:37 +1300
Cc: ietf@ietf.org, tls@ietf.org
Subject: Re: [TLS] Last Call: <draft-kanno-tls-camellia-00.txt> (Additionx
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2011 09:56:25 -0000

Eric Rescorla <ekr@rtfm.com> writes:

>Can you please point to where in IP there is a limit that requires a MAC no
>greater than 96 bits.

The AH had room for exactly 96 bits of MAC value, any more and it'd have to
overflow to another 32 bits worth (the size of the non-MAC data is 96 bits and
the MAC data adds the other 96 bits), see RFC 2402.  The original AH used a
64-bit data field (RFC 1826) and didn't truncate MD5 (RFC 1828), so it was
also 192 bits long.  With the expansion of the non-MAC data to 96 bits, it was
necessary to truncate the MAC to keep the same overall size.

Peter.