[STDS-P1619] Question concerning testability of associating keys with key scopes in IEEE Std 1619-2007
Hi Folks,
I received a question from NIST on IEEE Std 1619-2007, as referenced by draft SP 800-38E, concerning the intent for the following statement (see IEEE Std 1619-2007, page 9, end of clause 6):
An XTS-AES key shall not be associated with more than one key scope.
The question is how to validate the cryptographic module against this requirement. Is this requirement meant to preclude the same key from encrypting the same tweak value on different devices? Note that a conforming implementation may write a particular sector (or logical block) multiple times with the same key and same tweak value.
Please let me know if you have any thoughts on the matter, including possible changes to draft SP 800-38E, and I will relay this back to NIST. Please comment soon so that it's possible to update the next SP 800-38E public review draft with any recommend language. I've got some thoughts on the matter, but would like to hear first from the group.
--
Thanks!
Matt Ball, Chair, IEEE P1619 Security in Storage Working Group
Staff Engineer, Sun Microsystems, Inc.
500 Eldorado Blvd, Bldg #5 BRM05-212, Broomfield, CO 80021
Work: 303-272-7580, Cell: 303-717-2717