
Re: Review of draft-zorn-radius-keywrap



  Alan,

  I am not attempting to impress you, just to inform you. AES Key Wrap
was not "invented solely for this specification". It was developed by
NIST and published in November of 2001. It has widespread use and has
received cryptographic analysis. These statements are true whether the
draft makes mention of them or not.

  Dan.

On Sat, December 18, 2010 4:22 am, Alan DeKok wrote:
> Dan Harkins wrote:
>>   Neither AES Key Wrap nor (D)TLS are "signature methods". AES Key Wrap
>> is providing an integrity check and confidentiality only on a random
>> key.
>
>   The document contains a Message-Authentication-Code attribute, which
> is defined as:
>
>    This Attribute MAY be used to "sign" messages ...
>
>   The following text describes an "ad hoc" method for signing packets.
> It is not based on keywrap.
>
>   Perhaps you haven't read the document, or you didn't notice the pages
> of text talking about a new packet signature method?
>
>> This technique is not new; it's used in 802.11 (you should note that
>> the draft in question pre-dates the "guidelines" document).
>
>   I'm suitably impressed with this irrelevant fact.
>
>>   AES Key Wrap has received quite a bit of analysis. There is a very
>> good critique of it in "Deterministic Authenticated Encryption: A
>> Provable Security Treatment of the Key Wrap Problem" by Rogaway and
>> Shrimpton available at:
>>
>>             http://web.cecs.pdx.edu/~teshrim/keywrap.pdf
>
>   Which is not referenced anywhere in the document.
>
>   In fact, there is *no* reference in the document to any security
> analysis, origin, or history of the "keywrap" method.  The *only*
> reference to "keywrap" is in the document title.
>
>   Given the document *on its face*, the authors have given us every
> reason to believe that the cryptographic methods described in it were
> invented solely for this specification.
>
>   Alan DeKok.
>



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
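An added example, not part of this thread or of draft-zorn-radius-keywrap, illustrating the property Dan describes (AES Key Wrap gives confidentiality plus an integrity check on the wrapped key): an RFC 3394 AES Key Wrap implemented in Go on top of the standard library's crypto/aes. The function names Wrap, Unwrap, RoundTrip and TamperDetected and the sample key material are my own choices; the expected ciphertext is the RFC 3394 section 4.1 test vector. The last function flips one bit of the wrapped blob and shows that Unwrap refuses it, which is the integrity check the A6A6A6A6A6A6A6A6 value provides.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// rfc3394IV is the fixed 64-bit integrity check value from RFC 3394, section 2.2.3.1.
var rfc3394IV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// Wrap encrypts key material (a multiple of 8 bytes, at least 16) under the
// key-encryption key kek following RFC 3394 section 2.2.1 (index-based form).
func Wrap(kek, key []byte) ([]byte, error) {
	if len(key) < 16 || len(key)%8 != 0 {
		return nil, errors.New("key data must be a multiple of 8 bytes and at least 16 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(key) / 8
	a := append([]byte(nil), rfc3394IV...) // A starts as the integrity check value
	r := append([]byte(nil), key...)       // R[1..n] start as the plaintext blocks
	b := make([]byte, 16)
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], a)
			copy(b[8:], r[(i-1)*8:i*8])
			block.Encrypt(b, b) // B = AES(K, A | R[i])
			t := uint64(n*j + i)
			binary.BigEndian.PutUint64(a, binary.BigEndian.Uint64(b[:8])^t) // A = MSB(B) ^ t
			copy(r[(i-1)*8:i*8], b[8:])                                     // R[i] = LSB(B)
		}
	}
	out := make([]byte, 0, 8+len(r))
	out = append(out, a...)
	return append(out, r...), nil
}

// Unwrap reverses Wrap (RFC 3394 section 2.2.2) and returns an error when the
// recovered A does not equal the IV, i.e. the blob was altered or the KEK is wrong.
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped data must be a multiple of 8 bytes and at least 24 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := append([]byte(nil), wrapped[:8]...)
	r := append([]byte(nil), wrapped[8:]...)
	b := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			t := uint64(n*j + i)
			binary.BigEndian.PutUint64(b[:8], binary.BigEndian.Uint64(a)^t) // (A ^ t) | R[i]
			copy(b[8:], r[(i-1)*8:i*8])
			block.Decrypt(b, b)
			copy(a, b[:8])
			copy(r[(i-1)*8:i*8], b[8:])
		}
	}
	if subtle.ConstantTimeCompare(a, rfc3394IV) != 1 {
		return nil, errors.New("integrity check failed: wrapped key was modified or wrong KEK")
	}
	return r, nil
}

// RoundTrip reports whether Unwrap(Wrap(key)) returns the original key material.
func RoundTrip(kek, key []byte) (bool, error) {
	w, err := Wrap(kek, key)
	if err != nil {
		return false, err
	}
	got, err := Unwrap(kek, w)
	if err != nil {
		return false, err
	}
	return bytes.Equal(got, key), nil
}

// TamperDetected flips one bit in a wrapped blob and reports whether Unwrap rejects it.
func TamperDetected(kek, key []byte) (bool, error) {
	w, err := Wrap(kek, key)
	if err != nil {
		return false, err
	}
	w[len(w)-1] ^= 0x01
	_, err = Unwrap(kek, w)
	return err != nil, nil
}

func main() {
	// Constructed sample: the RFC 3394 section 4.1 KEK and key data.
	kek, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f")
	key, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	w, _ := Wrap(kek, key)
	fmt.Printf("wrapped: %x\n", w)
	ok, _ := RoundTrip(kek, key)
	rejected, _ := TamperDetected(kek, key)
	fmt.Printf("round trip ok: %v, tampering rejected: %v\n", ok, rejected)
}
```

The wrapped output for the sample input should match the RFC 3394 section 4.1 vector, 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5; if your own implementation differs, the usual culprit is the counter t = n*j + i or the byte order of the XOR into A.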