W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Proposal for doing unauthenticated encryption inside of HTTP/2

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 3 Dec 2013 11:59:50 -0800
Message-ID: <CABkgnnWGi=E7TcMXA4Rq_=_eiPPTEO=QfseFhpHnN-FVeg2=fw@mail.gmail.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Cc: Paul Hoffman <paul.hoffman@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 3 December 2013 11:24, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> 1) For some AEAD modes, decrypting the start of frame without knowing length might
> not be possible (albeit it seems to be possible for most common ones, like GCM
> and EAX, and maybe also OCB).
> 2) Pretty much no crypto library implements unauhenticated partial decryption of
> AEAD schemes.

That's a strong assertion, and I think wrong.  See the TLS 1.2 AEAD
modes.  The authenticated data includes length and some other things,
values that appear unencrypted.
Received on Tuesday, 3 December 2013 20:00:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC