Hi All,
Here is the P1619.1 D11 draft. If possible, please send out
comments for this draft by Oct 12th (two weeks from now). This is four days
before the next meeting on Oct. 16th. If you don't have time to review the
whole document, please focus on Clause 6 "Security Level", and 5.8
"Initialization vector (IV) requirements". You may also want to look
over Annex E "P1619.1 standard encryption interchange format" to
review some new material.
Here is a list of changes from D10:
- Updated Title, Scope, and Purpose to reflect newly approved PAR-update.
- Removed the last several words from the new purpose because they contained subjective language.
- Moved the reference to McGrew and Viega's GCM proposal into the normative section. After NIST publishes the final 800-38D standard, we could use it instead. (The problem is from a discrepancy between the original method for handling 128-bit IVs and the new method described by NIST in the 800-38D draft. In all likelihood, NIST will change the final version to match the original GCM proposal.)
- Reworked Clause 5.3 "Decryption". The new version makes an allowance for the cryptographic module to return plaintext before checking the MAC, but strongly discourages it.
- Many editorial changes, based on feedback from the group.
- Added new clause C.4 "Passing plaintext to the host before checking the MAC". This new section describes the problems of passing data to the host before checking the MAC, and encourages the host to not act on incomplete records. If the working group finds attacks that relate to this allowance, we could describe those attacks here.
- Made significant changes to Annex E "Standard encryption interchange format".
Thanks,
Matt Ball
Quantum Corp.
4001 Discovery Drive, Suite 1100
Boulder, CO 80303
720 406-5766
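The IV handling behind the third change above, as an added example that is not part of the D11 draft or of Matt's message: it derives GCM's initial counter block J0 for a 96-bit IV and for an IV of any other length (128-bit included), following the rule as written in McGrew and Viega's GCM specification, which is also the rule in the final SP 800-38D. The draft text the message refers to is not reproduced here. Assumptions: the hash subkey H is supplied directly rather than computed as AES_K(0^128), so no AES library is needed; the function names gf_mul, ghash, gcm_j0, inc32 and derive_counters are mine; the 128-bit and 64-bit sample IVs are constructed for the demo; the known-answer values in the module docstring are test case 2 of the McGrew/Viega GCM specification.

```python
"""GCM initial counter block (J0) for 96-bit vs. non-96-bit IVs.

Added example; not code from the P1619.1 draft or the GCM authors.
H is taken as an input (normally H = AES_K(0^128)), so this runs offline
with no crypto library. Known-answer values used for self-checking come
from GCM spec test case 2: H = 66e94bd4ef8a2c3b884cfa59ca342b2e,
C = 0388dace60b6a392f328c2b971b2fe78, GHASH(H, {}, C) =
f38cbb1ad69223dcc3457ae5b6b0f885.
"""
import secrets

R = 0xE1 << 120   # x^128 + x^7 + x^2 + x + 1 in GCM's bit-reflected byte order
ONE = 1 << 127    # multiplicative identity in that representation


def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (GCM spec Algorithm 1; bit 0 is the MSB)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash_blocks(h: int, data: bytes) -> int:
    """Chain X_i = (X_{i-1} XOR B_i) * H over 16-byte blocks of block-aligned data."""
    if len(data) % 16:
        raise ValueError("ghash_blocks needs block-aligned input")
    x = 0
    for i in range(0, len(data), 16):
        x = gf_mul(x ^ int.from_bytes(data[i:i + 16], "big"), h)
    return x


def _pad16(b: bytes) -> bytes:
    return b + b"\x00" * ((-len(b)) % 16)


def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """GHASH_H(A, C): padded A, padded C, then [len(A)]_64 || [len(C)]_64 (bit lengths)."""
    lengths = (len(aad) * 8).to_bytes(8, "big") + (len(ct) * 8).to_bytes(8, "big")
    return ghash_blocks(h, _pad16(aad) + _pad16(ct) + lengths)


def gcm_j0(h: int, iv: bytes) -> bytes:
    """Initial counter block J0.

    len(IV) == 96 bits: J0 = IV || 0^31 || 1 (no hashing, H is not used).
    Any other length:   J0 = GHASH_H(IV || 0^s || 0^64 || [len(IV)]_64),
                        i.e. GHASH(H, {}, IV) in the original spec's notation.
    """
    if not iv:
        raise ValueError("GCM IV must be non-empty")
    if len(iv) == 12:
        return iv + b"\x00\x00\x00\x01"
    return ghash(h, b"", iv).to_bytes(16, "big")


def inc32(block: bytes) -> bytes:
    """GCM's inc32: increment the low 32 bits of a counter block mod 2^32."""
    ctr = (int.from_bytes(block[12:], "big") + 1) & 0xFFFFFFFF
    return block[:12] + ctr.to_bytes(4, "big")


def derive_counters(h: int, iv: bytes, n: int) -> list:
    """The first n counter blocks fed to the block cipher for the keystream (J0 itself is
    reserved for the tag, so the keystream starts at inc32(J0))."""
    blocks, ctr = [], gcm_j0(h, iv)
    for _ in range(n):
        ctr = inc32(ctr)
        blocks.append(ctr)
    return blocks


def known_answer_ok() -> bool:
    """Self-check of gf_mul/ghash against GCM spec test case 2 (values in the docstring)."""
    h = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
    c = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
    return ghash(h, b"", c) == 0xF38CBB1AD69223DCC3457AE5B6B0F885


if __name__ == "__main__":
    print("GHASH known answer:", known_answer_ok())
    h = int.from_bytes(secrets.token_bytes(16), "big")   # stand-in for AES_K(0^128)
    for iv in (secrets.token_bytes(12), secrets.token_bytes(16), secrets.token_bytes(8)):
        # constructed sample IVs: 96-bit (direct), 128-bit and 64-bit (both via GHASH)
        print(f"IV {iv.hex()} ({len(iv) * 8} bits)")
        print("  J0         :", gcm_j0(h, iv).hex())
        print("  1st counter:", derive_counters(h, iv, 1)[0].hex())
```

Two things worth noticing when running it. A 96-bit IV never touches GHASH, so J0 is visible in the clear as IV || 00000001 and the keystream counters follow directly from it; any other IV length hashes through H first, which is exactly where a specification mismatch in how the length block is appended would yield different counters and therefore incompatible ciphertext between two conforming implementations. In both cases the keystream is a function only of the key and the IV, so a repeated IV under one key reproduces the keystream and leaks the XOR of the two plaintexts, which is the failure mode Clause 5.8's IV requirements are meant to rule out.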