The document [1] specifies a mode of encryption that has not, to my
knowledge, been used anywhere else: CBC-CTS with IV-carry.  The
document does not reference any standard work that defines it, so it
appears the document authors are not aware of prior use of it either.
There is no analysis of the security of the mode in the document.  The
CFRG has not commented on the mode.  The security consideration does
not mention that the document defines or uses a non-standard mode.

Considering all this, I believe it would be only prudent to reflect
those facts in the security consideration, to help people form an
opinion about it.

Here is a proposed paragraph for inclusion:

    The encryption mode used in this document, CBC with Cipher Text
    Stealing with IV carry between messages, has to our knowledge not
    been studied extensively, or even at all, in the available



Ietf mailing list
