[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Generic CBC-MAC specification
Daniel Harkins writes:
> The I-O resolution draft currently references Applied Cryptography
> for CBC-MACs. That was said to be inadequate and I'm merely trying
> to address the criticism. If most people feel that Applied Cryptography
> is enough then I'll just leave it as it is. And I guess the burden is
> on those who think it isn't enough since this involves a change.
>
> Speak up now.
I was the one to convince Dan that Applied Cryptography was not
sufficient for RFC purposes. (I was bothered because it was not free,
and no one could point me to a free specification.) The biggest point,
however, is that AC does not make any mention of a standard method for
padding short input frames, which I made certain to do in my draft.
Moreover, there is not an adequate discussion of the security
implications of using CBC-MAC as a MAC (which I hope I've addressed
sufficiently in the discussion section of that draft).
Does anyone disagree with my rationale for another draft?
ben
Follow-Ups:
References: