Steve Kent writes:
PEM WP Meeting Minutes
11/18/92
2. RFC 1115bis also needs to be revised to remove use of DES MAC as a
message integrity code. Recent work has indicated that use of DES MAC
is unsuitable with either symmetric or asymmetric key management
algorithms, even in the limited contexts already defined in 1115bis.
Only one party who might object to this removal of DES MAC was
identified and he will be promptly notified of the planned change.
here too, the change is considered minor as it involves removal of
what is viewed as an option which was not expected to see much, if
any, use.
Although the use of DES MAC is unsuitable in the current context, perhaps
the alternative that we propose will be of interest for those who would still
like to see the use of the DES MAC.
The alternative (and existing vulnerability) can be found in our paper
"Protecting the Integrity of Privacy-Enhanced Electronic Mail with DES-Based
Authentication Codes," Stuart G. Stubblebine and Virgil D. Gligor, to appear
in PSRG Workshop on Network and Distributed System Security, San Diego, CA,
February 11-12, 1993. This solution allows the retention of the DES MAC
and scales up well in the sense that its performance is independent of the
number of message receivers.
I can make the paper available to anyone who wishes a copy.
Stuart
------------------------------------------------------------------------
Stuart G. Stubblebine stubblebine(_at_)isi(_dot_)edu
USC Information Sciences Institute (310)822-1511 ext. 190
4676 Admiralty Way, Marina del Rey, CA 90292 FAX: (310)823-6714
-----------------------------------------------------------------------