[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Summary of changes to HMAC-MD5-96 draft

To: ipsec@tis.com
Subject: Summary of changes to HMAC-MD5-96 draft
From: rob.glenn@nist.gov
Date: Fri, 13 Feb 1998 08:41:31 -0500 (EST)
Sender: owner-ipsec@ex.tis.com


draft-ietf-ipsec-auth-hmac-md5-96-02.txt has been submitted and 
should show up in the typical places in a couple of days.
Here is a summary of the changes. In addition, a few typos
were corrected and some references updated.

1. With regard to implicit packet padding...

change:

HMAC-MD5-96 operates on 64-byte blocks of data.  Padding requirements
are specified in [RFC-1321] and are part of the MD5 algorithm.
Padding bits are only necessary in computing the HMAC-MD5 authenticator
value and MUST NOT be included in the packet.

to:

HMAC-MD5-96 operates on 64-byte blocks of data.  Padding requirements
are specified in [RFC-1321] and are part of the MD5 algorithm.
If MD5 is built according to [RFC-1321], there is no need to
add any additional padding as far as HMAC-MD5-96 is concerned.
With regard to "implicit packet padding" as defined in [AH], no
implicit packet padding is required.

2. With regard to key lengths

Change:

Key lengths other than 128-bits SHALL NOT be supported.

To:

Key lengths other than 128-bits MUST NOT be supported (i.e. 
only 128-bit keys are to be used by HMAC-MD5-96).

3. In response to the document reading party's comments:

>Section 3. Keying Material - The 4th paragraph references the ESP
>doc (and not AH) as to how to obtain and process keying material. We
>question why this paragraph exists at all. In addition, the ESP has NO such
>description of how to do these things.

and

> [ESP] describes the general mechanism to obtain keying material for
> the ESP transform. The derivation of the key from some amount of
> keying material does not differ between the manual and automatic key
> management mechanisms.

> to [arch]...

Change:

[ESP] describes the general mechanism to obtain keying material for
the ESP transform. The derivation of the key from some
amount of keying material does not differ between the manual
and automatic key management mechanisms.

To:

[ARCH] describes the general mechanism for obtaining keying material 
when multiple keys are required for a single SA (e.g. when an ESP SA requires 
a key for confidentiality and a key for authentication).

Also, added a reference for [ARCH].

4. In response to the document reading party's comment:

>There is a requirment that "any known attacks" be discussed in the
>Security Considerations section. The MD5-96-01 doc does not discuss this.

The following as added to paragraph 1 of section 5.

At the time of this writing there are no known cryptographic attacks against
HMAC-MD5-96.

Rob G.
rob.glenn@nist.gov






--
John Kelley					johnk@tis.com
Director, Systems Administration
Trusted Information Systems, Inc.  (A NASDAQ company: "TISX")
http://www.tis.com

Prev by Date: Summary of changes to HMAC-MD5-96 draft
Next by Date: Re: Generic CBC-MAC specification
Prev by thread: Summary of changes to HMAC-MD5-96 draft
Next by thread: Re: Summary of changes to HMAC-MD5-96 draft
Index(es):
- Main
- Thread