- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Tue, 3 Dec 2013 23:18:52 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Paul Hoffman <paul.hoffman@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On Tue, Dec 03, 2013 at 11:59:50AM -0800, Martin Thomson wrote:
> On 3 December 2013 11:24, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> > 1) For some AEAD modes, decrypting the start of frame without knowing length might
> > not be possible (albeit it seems to be possible for most common ones, like GCM
> > and EAX, and maybe also OCB).
> > 2) Pretty much no crypto library implements unauthenticated partial decryption of
> > AEAD schemes.
>
> That's a strong assertion, and I think wrong. See the TLS 1.2 AEAD
> modes. The authenticated data includes length and some other things,
> values that appear unencrypted.

I mean encrypting the length (like SSH does with most ciphers, AES-GCM
being the notable exception).

-Ilari

Received on Tuesday, 3 December 2013 21:19:19 UTC