- From: pratik datta <pratik.datta@oracle.com>
- Date: Mon, 09 Nov 2009 15:13:30 -0800
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- CC: XMLSec WG Public List <public-xmlsec@w3.org>
It will be optional. At this point I am not in a position to interop with this, but maybe in a few months. Pratik On 11/9/2009 12:25 PM, Frederick Hirsch wrote: > Pratik > > Are you proposing we add it as an Optional or Required to implement > algorithm? > > Who is in a position to interop test this? > > regards, Frederick > > Frederick Hirsch, Nokia > Chair XML Security WG > > > > On Nov 9, 2009, at 3:18 PM, ext pratik datta wrote: > >> I am not sure how important AES-GCM is, but we can consider adding it >> to XML Encryption 1.1. >> >> NSA suite B requires AES-GCM as a TLS Cipher suite. (see RFC 5430 >> http://www.rfc-archive.org/getrfc.php?rfc=5430) >> >> >> >> Here is a preliminary proposal for adding AES-GCM (I had a brief >> discussion about GCM with Brian in the F2F) >> >> >> Section 5.1, (add this to the list of algorithms.) >> >> http://www.w3.org/2009/xmlenc11#aes128-gcm >> http://www.w3.org/2009/xmlenc11#aes256-gcm >> >> >> Section 5.2.3 AES-GCM (add new section) >> >> AES-GCM is an authenticated encryption mechanism. I.e. it is equivalent >> to doing these two operations in one step - HMAC signing followed by >> AES-CBC encryption. It is very attractive from performance point of >> view, because the cost of AES-GCM is similar to regular AES-CBC >> encryption, yet it achieves the same result as encryption + HMAC >> signing.. Also AES-GCM can be pipelined so it is amenable to hardware >> acceleration.. >> >> Identifiers. >> http://www.w3.org/2009/xmlenc11#aes128-gcm >> http://www.w3.org/2009/xmlenc11#aes256-gcm >> >> >> AES-GCM is used with a 96 bit Initialization Vector (IV), and a 128 bit >> Authentication Tag (T). The cipher text contains the IV first, followed >> by the T and then finally the encrypted octets. Decryption should fail >> if the authentication tag computed during decryption does not match the >> specified Authentication Tag. >> >> >> >> >> Pratik >> >> >> >> >> >> >> >> > >
Received on Monday, 9 November 2009 23:16:03 UTC