RE: Bug #23500 - Raw AES Access from Jim Schaad on 2014-02-20 (public-webcrypto@w3.org from February 2014)

From: Jim Schaad <ietf@augustcellars.com>
Date: Thu, 20 Feb 2014 13:14:31 -0800
To: "'Mark Watson'" <watsonm@netflix.com>, "'Mike Jones'" <Michael.Jones@microsoft.com>
Cc: "'Richard Barnes'" <rlb@ipv.sx>, <public-webcrypto@w3.org>
Message-ID: <006e01cf2e80$c13373e0$439a5ba0$@augustcellars.com>

From: Mark Watson [mailto:watsonm@netflix.com] 
Sent: Thursday, February 20, 2014 12:53 PM
To: Mike Jones
Cc: Richard Barnes; Jim Schaad; public-webcrypto@w3.org
Subject: Re: Bug #23500 - Raw AES Access

On Thu, Feb 20, 2014 at 12:29 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

Can someone please write the note that Jim described on how to use CTR to
build new modes, including ECB?  Then I'm ok with closing.

Do you mean a note in the specification ?

Isn't Jim just referring to the fact that if I encrypt a single block with
AES-CBC with IV = 0 I get the same result as ECB applied to that single
block ?

Or if I encrypt a zero block with AES-CTR with IV = X I get the same result
as ECB applied to X ?

That is exactly what I was indicating.   And I did not really see a need for
having the note in the text (thus the if needed) because I find this to be
very simple.  If you are going to do something as complex as do a new
chaining mode then you are going to have to be conversant about this type of
thing.

...Mark

-- Mike

  _____  

From: Richard Barnes <mailto:rlb@ipv.sx> 
Sent: 2/20/2014 12:26 PM
To: Mark Watson <mailto:watsonm@netflix.com> 
Cc: Jim Schaad <mailto:ietf@augustcellars.com> ; public-webcrypto@w3.org
Subject: Re: Bug #23500 - Raw AES Access

Fine with me.

On Thu, Feb 20, 2014 at 3:19 PM, Mark Watson <watsonm@netflix.com> wrote:

So, does anyone object to closing Bug 23500 as WONTFIX ?

...Mark

On Wed, Feb 19, 2014 at 9:42 AM, Jim Schaad <ietf@augustcellars.com> wrote:

Take #2 on this issue.

Looking at things last night, as long as we don't have a streaming mode of
operation, it does not appear that using a ECB mode is going to be any more
efficient than using either CBC or CTR as the basis for building something
like an SIV mode.  Since one is going to need to create a new encrypt
Promise for each block in order to chain things together.

Since this means that currently the only way to  be use ECB mode in an
efficient manner is to use it as ECB, I would say that we should not include
it.  It might however be worth having a note about how to use CTR mode to
build new modes in the future in script.  

This decision would then be re-visited when we have streaming as a primitive
operation.

Jim

Received on Thursday, 20 February 2014 21:16:40 UTC