W3C home > Mailing lists > Public > public-xmlsec@w3.org > November 2009

Re: Proposal for adding AES-GCM to XML Encryption 1.1

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 9 Nov 2009 15:25:11 -0500
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <67764BDB-2563-458E-9A04-3FFF052E3F49@nokia.com>
To: ext pratik datta <pratik.datta@oracle.com>
Pratik

Are you proposing we add it as an Optional or Required to implement  
algorithm?

Who is  in a position to interop test this?

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG



On Nov 9, 2009, at 3:18 PM, ext pratik datta wrote:

> I am not sure how important AES-GCM is, but  we can consider adding it
> to XML Encryption 1.1.
>
> NSA suite B requires AES-GCM as a TLS Cipher suite. (see RFC 5430
> http://www.rfc-archive.org/getrfc.php?rfc=5430)
>
>
>
> Here is a preliminary proposal for adding AES-GCM (I had a brief
> discussion about GCM with Brian in the F2F)
>
>
> Section 5.1,  (add this to the list of algorithms.)
>
> http://www.w3.org/2009/xmlenc11#aes128-gcm
> http://www.w3.org/2009/xmlenc11#aes256-gcm
>
>
> Section 5.2.3 AES-GCM   (add new section)
>
> AES-GCM is an authenticated encryption mechanism. I.e. it is  
> equivalent
> to doing these two operations in one step - HMAC signing followed by
> AES-CBC encryption. It is very attractive from performance point of
> view, because the cost of AES-GCM is similar to regular AES-CBC
> encryption, yet it achieves the same result as encryption + HMAC
> signing.. Also AES-GCM can be pipelined so it is amenable to hardware
> acceleration..
>
> Identifiers.
> http://www.w3.org/2009/xmlenc11#aes128-gcm
> http://www.w3.org/2009/xmlenc11#aes256-gcm
>
>
> AES-GCM is used with a 96 bit Initialization Vector (IV), and a 128  
> bit
> Authentication Tag (T). The cipher text contains the IV first,  
> followed
> by the T and then finally the encrypted octets. Decryption should fail
> if the authentication tag computed during decryption does not match  
> the
> specified Authentication Tag.
>
>
>
>
> Pratik
>
>
>
>
>
>
>
>
Received on Monday, 9 November 2009 20:25:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:44:00 GMT