- From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Date: Tue, 10 Nov 2009 08:38:50 -0500
- To: ext pratik datta <pratik.datta@oracle.com>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Does anyone object to adding this as optional to the XML Encryption 1.1 specification before Last Call? Who can review the text Pratik sent? regards, Frederick Frederick Hirsch Nokia On Nov 9, 2009, at 6:13 PM, ext pratik datta wrote: > It will be optional. > > At this point I am not in a position to interop with this, but maybe > in > a few months. > > Pratik > > On 11/9/2009 12:25 PM, Frederick Hirsch wrote: >> Pratik >> >> Are you proposing we add it as an Optional or Required to implement >> algorithm? >> >> Who is in a position to interop test this? >> >> regards, Frederick >> >> Frederick Hirsch, Nokia >> Chair XML Security WG >> >> >> >> On Nov 9, 2009, at 3:18 PM, ext pratik datta wrote: >> >>> I am not sure how important AES-GCM is, but we can consider >>> adding it >>> to XML Encryption 1.1. >>> >>> NSA suite B requires AES-GCM as a TLS Cipher suite. (see RFC 5430 >>> http://www.rfc-archive.org/getrfc.php?rfc=5430) >>> >>> >>> >>> Here is a preliminary proposal for adding AES-GCM (I had a brief >>> discussion about GCM with Brian in the F2F) >>> >>> >>> Section 5.1, (add this to the list of algorithms.) >>> >>> http://www.w3.org/2009/xmlenc11#aes128-gcm >>> http://www.w3.org/2009/xmlenc11#aes256-gcm >>> >>> >>> Section 5.2.3 AES-GCM (add new section) >>> >>> AES-GCM is an authenticated encryption mechanism. I.e. it is >>> equivalent >>> to doing these two operations in one step - HMAC signing followed by >>> AES-CBC encryption. It is very attractive from performance point of >>> view, because the cost of AES-GCM is similar to regular AES-CBC >>> encryption, yet it achieves the same result as encryption + HMAC >>> signing.. Also AES-GCM can be pipelined so it is amenable to >>> hardware >>> acceleration.. >>> >>> Identifiers. >>> http://www.w3.org/2009/xmlenc11#aes128-gcm >>> http://www.w3.org/2009/xmlenc11#aes256-gcm >>> >>> >>> AES-GCM is used with a 96 bit Initialization Vector (IV), and a >>> 128 bit >>> Authentication Tag (T). The cipher text contains the IV first, >>> followed >>> by the T and then finally the encrypted octets. Decryption should >>> fail >>> if the authentication tag computed during decryption does not >>> match the >>> specified Authentication Tag. >>> >>> >>> >>> >>> Pratik >>> >>> >>> >>> >>> >>> >>> >>> >> >>
Received on Tuesday, 10 November 2009 13:40:02 UTC