[prev in list] [next in list] [prev in thread] [next in thread]
List: cfrg
Subject: Re: [Cfrg] CFRG and thwarting pervasive montoring
From: Paul Lambert <paul () marvell ! com>
Date: 2013-12-30 19:06:11
Message-ID: CEE6FEE3.2B330%paul () marvell ! com
[Download RAW message or body]
On 12/29/13, 1:12 PM, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote:
>On Dec 29, 2013, at 11:12 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
>wrote:
>
>> . . .
>
>> I would love to see ongoing detailed work within
>> CFRG as to how to counter pervasive monitoring.
>
>Wearing your perpass hat, how can CFRG help? I ask this because I have
>seen little on the perpass mailing list that indicated that an even minor
>problem has been lack of crypto, or the use of crypto that is thought to
>be breakable. What type of crypto research or assessment would help
>perpass?
In the past I=B9ve never considered CFRG a viable discussion forum for
making an impact by creating or approving new algorithms =8A but if it is:
We need an =8Capproved' nonce-insensitive AEAD algorithm.
I=B9m designing multicast communications in a mesh topology and CCM and GCM
suffer from N^2 complexity (since they require unique nonce/key). Yes =8A
there are ways that some link proposals like 802.1ae mitigate the issue
using device addresses as part of the key setup. The best solution is a
nonce-insensitive AEAD.
We already have an RFC for SIV which is deterministic and a decent
solution, but it is not =8CNIST=B9 approved, so I have problems introducing=
it
into consumer equipment. It=B9s also a little slow =8A but I=B9m not sure =
that
efficiency should be the primary evaluation criteria.
I=B9ve asked NIST in the past and they have expressed no interest in the
problem. It used to be very important for algorithms to be NIST approved.
Do we need to find/create a new review and approval process for
algorithms that can be referenced by commercial products?
Paul
>
>Note that deprecating the use of crypto that is widely known to be broken
>is the purview of IETF WGs, not the CFRG. The relevant WGs (particularly
>TLS) seem to already be doing that.
>
>--Paul Hoffman
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.org
>http://www.irtf.org/mailman/listinfo/cfrg
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic