- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 9 Nov 2009 15:25:11 -0500
- To: ext pratik datta <pratik.datta@oracle.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Pratik

Are you proposing we add it as an Optional or Required to implement algorithm?

Who is in a position to interop test this?

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

On Nov 9, 2009, at 3:18 PM, ext pratik datta wrote:

> I am not sure how important AES-GCM is, but we can consider adding it
> to XML Encryption 1.1.
>
> NSA suite B requires AES-GCM as a TLS Cipher suite. (see RFC 5430
> http://www.rfc-archive.org/getrfc.php?rfc=5430)
>
> Here is a preliminary proposal for adding AES-GCM (I had a brief
> discussion about GCM with Brian in the F2F)
>
> Section 5.1, (add this to the list of algorithms.)
>
> http://www.w3.org/2009/xmlenc11#aes128-gcm
> http://www.w3.org/2009/xmlenc11#aes256-gcm
>
> Section 5.2.3 AES-GCM (add new section)
>
> AES-GCM is an authenticated encryption mechanism. I.e. it is equivalent
> to doing these two operations in one step - HMAC signing followed by
> AES-CBC encryption. It is very attractive from performance point of
> view, because the cost of AES-GCM is similar to regular AES-CBC
> encryption, yet it achieves the same result as encryption + HMAC
> signing. Also AES-GCM can be pipelined so it is amenable to hardware
> acceleration.
>
> Identifiers.
> http://www.w3.org/2009/xmlenc11#aes128-gcm
> http://www.w3.org/2009/xmlenc11#aes256-gcm
>
> AES-GCM is used with a 96 bit Initialization Vector (IV), and a 128 bit
> Authentication Tag (T). The cipher text contains the IV first, followed
> by the T and then finally the encrypted octets. Decryption should fail
> if the authentication tag computed during decryption does not match the
> specified Authentication Tag.
>
> Pratik
Received on Monday, 9 November 2009 20:25:59 UTC
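
The cipher text layout described in the quoted proposal (96-bit IV first, then the 128-bit tag T, then the encrypted octets), as an added Go example that is not part of the original message or of any working group text. The function names `NewGCM`, `Seal` and `Open`, the sample plaintext and the all-zero demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const ivLen, tagLen = 12, 16 // 96-bit IV and 128-bit tag T, in octets

// NewGCM builds the AEAD: a 16-byte key for aes128-gcm, 32 bytes for aes256-gcm.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // Go's defaults are a 12-byte nonce and 16-byte tag
}

// Seal returns IV || T || encrypted octets, the order given in the proposal.
func Seal(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil { // fresh random IV for every message
		return nil, err
	}
	sealed := gcm.Seal(nil, iv, plaintext, nil) // Go emits ciphertext || tag
	ct, tag := sealed[:len(sealed)-tagLen], sealed[len(sealed)-tagLen:]
	return append(append(iv, tag...), ct...), nil
}

// Open splits IV || T || octets and returns an error if T does not verify.
func Open(gcm cipher.AEAD, blob []byte) ([]byte, error) {
	if len(blob) < ivLen+tagLen {
		return nil, errors.New("cipher text shorter than IV plus tag")
	}
	iv, tag, ct := blob[:ivLen], blob[ivLen:ivLen+tagLen], blob[ivLen+tagLen:]
	// Go's API expects ciphertext || tag; copy so the caller's blob is untouched.
	return gcm.Open(nil, iv, append(append([]byte{}, ct...), tag...), nil)
}

func main() {
	gcm, _ := NewGCM(make([]byte, 16)) // constructed all-zero demo key
	blob, _ := Seal(gcm, []byte("constructed sample plaintext"))
	blob[ivLen] ^= 1 // flip one bit of T
	_, err := Open(gcm, blob)
	fmt.Println("tampered tag rejected:", err != nil)
}
```

Most GCM libraries return the tag after the encrypted octets, so an implementation of this layout has to reorder the fields on both the encrypting and decrypting side, as `Seal` and `Open` do here.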