On Wed, Feb 28, 2018 at 11:06:36PM -0800, Hal Murray wrote: > I'm interested in the simple case of shared/symmetric key authentication.
> Why is AES-CMAC more interesting than one of the digests supported by OpenSSL? As I understand it, the main advantage is better performance (when implemented properly). For instance, on a server configured with a SHA256 key I'm observing a 40% drop in performance when compared to no authentication. With AES-CMAC the impact should be much smaller. I've not tried it yet. However, I'm not sure how much this really matters as (public) servers typically don't handle a large number of packets authenticated with symmetric keys. > The current code and extension RFCs and proposals only supports digest > lengths of 16 and 20 bytes. I was expecting an extension code for shared > keys so we could handle any length, but I don't see one on the IANA list. Is > anybody else interested in that case? The trouble is with parsing the packets. The strict rules for lengths of extension fields and MACs are needed to prevent ambiguity. Otherwise, a long MAC could be incorrectly interpreted as an extension field, or a short extension field could be interpreted as a MAC. This was a frequent topic on this list, so I'd suggest to go through the archives if you are interested in more details. Please note that latest versions of ntp truncate long digests in MACs to 160 bits, so the authentication should work with any hash function supported by OpenSSL. -- Miroslav Lichvar _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
