Re: [TLS] Question for TLS1.2 AEAD cipher

Dana Zhao <dzhao@certicom.com> Mon, 09 July 2007 15:41 UTC

In-Reply-To: <20070707231414.0AC0233C1A@delta.rtfm.com>
To: Eric Rescorla <ekr@networkresonance.com>
Subject: Re: [TLS] Question for TLS1.2 AEAD cipher
Message-ID: <OFE74EA491.AFC26137-ON85257313.0052D064-85257313.00562702@certicom.com>
From: Dana Zhao <dzhao@certicom.com>
Date: Mon, 09 Jul 2007 11:37:15 -0400
Cc: tls@lists.ietf.org

Hi Eric,

Thank you very much for your quick response.




>> 2. The additional data for encryption and decryption should be the same.
>> While we find that the additional data for encryption contains seq_num and
>> the additional data for decryption does not contain seq_num.

>I don't see that in the text.

It is on page 23, draft-ietf-tls-rfc4346-bis-03.txt or 
draft-ietf-tls-rfc4346-bis-04.txt.

 additional_data = seq_num + TLSCompressed.type +
                        TLSCompressed.version + TLSCompressed.length;
 AEADEncrypted = AEAD-Encrypt(key, IV, plaintext,
                      additional_data)
 
 TLSCompressed.fragment = AEAD-Decrypt(write_key, IV, AEADEncrypted,
                   TLSCiphertext.type + TLSCiphertext.version +
                   TLSCiphertext.length);


>> 3. IV length and Tag length. Is there a standard IV length and Tag length?
>> If not, when the receiver gets the message, how does he know which part is
>> IV and which part is aead_output? Also, the receiver needs to know the tag
>> length for decryption.

>It's defined by the cipher suite.

For example, cipher suite "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", GCM
allows Tag length from 8 to 16 bytes, IV length from 1 to 2^64 bytes (the
recommended IV length is 12 bytes). What Tag length and IV length should
we choose? The recommended length?

Thank you.

Dana
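
The two points raised in this message, as an added Go example that is not part of the original post or of the draft: an AES-128-GCM record sealed with seq_num in the additional data fails authentication when the receiver builds the additional data without it, and the receiver can only split the record because the nonce and tag lengths are fixed. Assumptions: a 12-byte explicit nonce, a 16-byte tag, a `nonce || ciphertext || tag` layout, the plaintext length as the length field on both sides, and the hypothetical helper names `aad`, `newGCM`, `seal` and `open`; the key and nonce are constructed all-zero demo values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const nonceLen, tagLen = 12, 16 // assumed here: fixed by the cipher suite, not negotiated per record

// aad builds seq_num + type + version + length; withSeq=false drops seq_num, as in the quoted decrypt formula.
func aad(seq uint64, length uint16, withSeq bool) []byte {
	b := make([]byte, 8, 13)
	binary.BigEndian.PutUint64(b, seq)
	b = append(b, 23, 0x03, 0x03, byte(length>>8), byte(length)) // application_data, TLS 1.2, length
	if !withSeq {
		b = b[8:]
	}
	return b
}

func newGCM(key []byte) cipher.AEAD {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // invalid AES key size
	}
	g, _ := cipher.NewGCM(blk) // only fails for non-128-bit block ciphers; 12-byte nonce, 16-byte tag
	return g
}

// seal returns nonce || ciphertext || tag, authenticating the additional data with seq_num included.
func seal(key, nonce, plaintext []byte, seq uint64) []byte {
	return newGCM(key).Seal(append([]byte{}, nonce...), nonce, plaintext, aad(seq, uint16(len(plaintext)), true))
}

// open splits the record using the fixed nonce and tag lengths, then decrypts and verifies the tag.
func open(key, record []byte, seq uint64, withSeq bool) ([]byte, error) {
	if len(record) < nonceLen+tagLen {
		return nil, fmt.Errorf("record shorter than nonce plus tag")
	}
	nonce, body := record[:nonceLen], record[nonceLen:]
	return newGCM(key).Open(nil, nonce, body, aad(seq, uint16(len(body)-tagLen), withSeq))
}

func main() {
	rec := seal(make([]byte, 16), make([]byte, nonceLen), []byte("hello"), 7) // constructed key and nonce
	_, err := open(make([]byte, 16), rec, 7, false)
	fmt.Println("decrypt with seq_num missing from additional data:", err)
}
```

Calling `open` with `withSeq` set to true and the same sequence number returns the plaintext; any other sequence number fails the tag check in the same way.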



