
List:       ietf-saag
Subject:    Re: [saag] MAC first then encrypt or encrypt then MAC.
From:       Phillip Hallam-Baker <hallam () gmail ! com>
Date:       2012-06-27 20:02:27
Message-ID: CAMm+LwiybaYQgGmjpHi8xAHZX=3HApRZEVdU4tgL7H-MnA8-NQ () mail ! gmail ! com

On Wed, Jun 27, 2012 at 3:47 PM, Marsh Ray <marsh@extendedsubset.com> wrote:
> On 06/27/2012 12:26 PM, Phillip Hallam-Baker wrote:
>>
>> OK, so I think I know the answer to this one, but every single time I
>> submit a spec doing it one way, someone will always tell me that the
>> other is the way to go. And very rarely will anyone give a reason
>> other than 'that is how to do it'.
>
>
> Well how about sidestepping the debate and using an intrinsically
> authenticated encryption mode such as GCM, CCM, or EAX?
>
> http://en.wikipedia.org/wiki/GCM_mode
> http://en.wikipedia.org/wiki/CCM_mode
> http://en.wikipedia.org/wiki/EAX_mode
>
> Why:
>
> * The encryption and message authentication are integrated rather than
> separate operations.
>
> * There's less to go wrong.
>
> * Often more efficient.
>
> * GCM parallelizes.
>
> * GCM is standardized by NIST and is NSA Suite B.
>
> * GCM is referenced by RFC 4106 (GCM for IPsec ESP) and 5288 (AES GCM for
> TLS)
>
> * Packaged and tested implementations are available in many crypto
> libraries.
>
> * The modes I listed are believed patent-free.
>
> Why not:
>
> * GCM really needs a 128 bit or longer tag. But you were probably looking at
> a minimum of 160 bits for SHA-1 anyway.
>
> * It's hard to choose among the options.
>
> - Marsh

I think you are right. But I am not comfortable with doing more than
making support for something like GCM a requirement for the service
side at this point.

Selling the protocol is going to be hard enough without doing
trailblazing. I can make a very good case for requiring combi mode on
the server so that embedded devices can be supported. Requiring it on
the client side would be problematic given the need to implement in
various scripting languages.

-- 
Website: http://hallambaker.com/
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag