List: ietf-tls
Subject: RE: [TLS] SIV Ciphersuites for TLS
From: <Pasi.Eronen () nokia ! com>
Date: 2008-01-08 10:10:39
Message-ID: B356D8F434D20B40A8CEDAEC305A1F240514E694 () esebe105 ! NOE ! Nokia ! com
Dan Harkins wrote:
> Hi Pasi,
>
> Thank you very much for your comments on my draft. A few comments on
> your comments.
>
> Deriving a fresh key is not the issue, it's whether one can
> guarantee that a nonce will never be misused for a given (fresh) key.
>
> The other thing I will take issue with is your statement that
> nonce management is "the job of the TLS library". That very much
> depends on the TLS library. The API to call AES in CBC mode in
> OpenSSL takes an IV from the caller-- i.e. the application
> programmer.
In OpenSSL, an application programmer using TLS does *not* supply
any IVs, and never directly uses any AES CBC mode APIs (or anything
similar -- all that happens inside the TLS part of the library).
An application programmer might use OpenSSL's AES APIs
for *other* purposes than TLS, and I do agree that there
SIV can be much safer to use than GCM.
Best regards,
Pasi
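The record-layer arrangement described above (the library, not the application, owns the nonce), as an added Go example that is not part of this thread and not OpenSSL's or any TLS stack's code: a sealer that derives each AES-GCM nonce from a fixed per-connection IV and a 64-bit sequence number, borrowing the TLS 1.3 construction, and refuses to seal once the counter is exhausted. The key and IV are assumed to come from a key schedule.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// RecordSealer owns the nonce the way a TLS record layer does: the caller
// never supplies an IV. Each record's nonce is the per-connection IV XORed
// with the sequence number (TLS 1.3 construction, used here as an
// illustration). Constructed example; key and IV assumed from a key schedule.
type RecordSealer struct {
	aead cipher.AEAD
	iv   [12]byte
	Seq  uint64 // sequence number of the next record
}

func NewRecordSealer(key, iv []byte) (*RecordSealer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	s := &RecordSealer{aead: aead}
	copy(s.iv[:], iv)
	return s, nil
}

// Seal encrypts one record and advances the sequence number. It refuses
// before the counter could wrap, so a (key, nonce) pair is never reused;
// a real stack would rekey at this point instead of failing.
func (s *RecordSealer) Seal(plaintext, aad []byte) ([]byte, error) {
	if s.Seq == ^uint64(0) {
		return nil, errors.New("sequence number exhausted: rekey required")
	}
	nonce := s.iv // array copy; the stored IV itself never changes
	var seq [8]byte
	binary.BigEndian.PutUint64(seq[:], s.Seq)
	for i := range seq {
		nonce[4+i] ^= seq[i]
	}
	s.Seq++
	return s.aead.Seal(nil, nonce[:], plaintext, aad), nil
}
```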
_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls