Hello,
draft-ietf-tcpm-tcp-ao-crypto-02 intends to make
mandatory-to-implement for TCP-AO two MAC algorithms,
HMAC-SHA-1-96 and AES-128-CMAC-96, as well as two related KDFs.
IIRC, other WG(s) have been advised last year by important stakeholders
(in particular NIST) to not standardize new use cases (e.g. in IPsec)
of the CMAC / CCM Modes of Operation for a block cipher primitive,
in favor of the GMAC / GCM Modes of Operation, because of the
significant performance benefits of the latter modes.
While the draft discusses arguments and properties of the two
algorithms selected, it remains silent wrt the non-selection of
suitable GMAC modes.
TCP-AO seems to be intended for specific use cases with high
performance / low cost ratio requirements, and hence particularly
suitable for application of the performance argument.
Could you please provide arguments to the IETF at large that support
the recommendation of the draft in favor of CMAC vs. GMAC ?
Or could it be that this decision needs to be revisited?
Kind regards,
Alfred Hönes.
--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. |
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah(_at_)TR-Sys(_dot_)de
|
+------------------------+--------------------------------------------+
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf