At 05:51 PM 7/16/2006, Charles Clancy wrote:
> My reading of the GPSK draft is that the Protected Payload data will
> be integrity protected using the MAC from the combined mode and there
> is the integrity checksum over the entire GPSK-Message. I think we
> should avoid the multiple MACs.
...
> I am curious about others' opinions on EAX vs. CCM.
We could replace AES-EAX with AES-CBC. Would that address both your concerns?

That's one way, sure! Given that the encryption might be over only
one of the payloads of the GPSK messages and since these are key
management messages anyway (just 4 messages, at initial
authentication), we don't need the processing efficiencies of CTR
mode that comes with EAX or CCM. So AES-CBC is just fine.

If we do want to use EAX or CCM, a possibility is to "apply" EAX or
CCM over the entire message with most of the message as the AAD and
have the encryption spanning either the Protected Payload data or
NULL. (My recollection is that Joe and I discussed this in Montreal
as a possibility; not sure whether we agreed on it though!)

regards,
Lakshminath
--
t. charles clancy, ph.d. | [EMAIL PROTECTED] | www.cs.umd.edu/~clancy
_______________________________________________
Emu mailing list
https://www1.ietf.org/mailman/listinfo/emu
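
The single-pass alternative described in the message above (one combined-mode tag over the whole message, cleartext fields as AAD, encryption covering the Protected Payload or nothing), as an added example that is not part of the original thread or the GPSK draft. It uses AES-CCM from Node's `crypto` module; the header string, key, nonces and 16-byte tag length are constructed for illustration and are not the GPSK wire format.

```javascript
const nodeCrypto = require('crypto');

const TAG_LEN = 16; // assumed tag length for this sketch

// One CCM pass over the whole message: `header` (cleartext fields) is
// authenticated as AAD; `payload` is encrypted and may be empty (NULL case).
function seal(key, nonce, header, payload) {
  const c = nodeCrypto.createCipheriv('aes-128-ccm', key, nonce,
    { authTagLength: TAG_LEN });
  c.setAAD(header, { plaintextLength: payload.length });
  const ct = Buffer.concat([c.update(payload), c.final()]);
  return { header, ct, tag: c.getAuthTag() };
}

// Returns the decrypted payload, or null if header, ciphertext or tag
// does not verify. CCM needs the tag before any data is processed.
function open(key, nonce, msg) {
  const d = nodeCrypto.createDecipheriv('aes-128-ccm', key, nonce,
    { authTagLength: TAG_LEN });
  d.setAuthTag(msg.tag);
  d.setAAD(msg.header, { plaintextLength: msg.ct.length });
  try {
    return Buffer.concat([d.update(msg.ct), d.final()]);
  } catch (err) {
    return null; // authentication failed: discard the message
  }
}

// Constructed sample values (not real GPSK fields or keys).
// Each nonce is used for exactly one seal() under the key.
function demo() {
  const key = Buffer.alloc(16, 0x11);
  const header = Buffer.from('constructed-header peer=alice server=nas1');
  const n1 = Buffer.alloc(12, 1), n2 = Buffer.alloc(12, 2);
  const withPayload = seal(key, n1, header, Buffer.from('protected payload'));
  const nullPayload = seal(key, n2, header, Buffer.alloc(0));
  const forged = { ...nullPayload,
    header: Buffer.from('constructed-header peer=mallory server=nas1') };
  return {
    roundTrip: open(key, n1, withPayload).toString(),
    nullCtLen: nullPayload.ct.length,
    nullVerifies: open(key, n2, nullPayload) !== null,
    forgedHeaderRejected: open(key, n2, forged) === null,
  };
}

console.log(demo());
```

With an empty payload the output is only the tag, so the combined mode acts as the single MAC over the cleartext fields and no separate message checksum is computed.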