Re: Encrypting the IV - again. Was: Re: nonce length

Hi,

Last week I was at the IEEE 802.11 meeting in Dallas, particularly
802.11 Task Group i, which is working on security. I took the
opportunity to ask several professional cryptographers about this. One
suggested the same idea as I started to describe the problem, all the
others supported encrypting the IV except one who declined to make any
spur of the moment recommendations.

Based on that, I'm in favor of going for ECB encrypting the IV.

Donald

From:  Joseph Reagle <reagle@w3.org>
Message-Id:  <200201282254.RAA14246@tux.w3.org>
Organization:  W3C
To:  Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>,
            "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Date:  Mon, 28 Jan 2002 17:54:47 -0500
Cc:  Dan Lanz <lanz@zolera.com>, xml-encryption@w3.org, blaird@microsoft.com
References:  <2942038760.1012259353@crypto>
In-Reply-To:  <2942038760.1012259353@crypto>

>On Monday 28 January 2002 17:09, Christian Geuer-Pollmann wrote:
>> Well, it seems to me that I do not need obvious facts to introduce
>> necessary changes into the spec but well-known names ;-((
>
>Hi Christian, I'm not advocating that necessarily, nor that we just need a 
>reference in order to accept it. In fact, I'm not opposed to encrypting the 
>IV. I'm just saying that I prefer that *this* WG not take it upon itself to 
>introduce a "new mode". I'm most comfortable if the issue has 
>been addressed by others and it's been vetted/discussed/standardized, etc. 
>That's that.
>
>So, what do others people think? Should we encrypt the IV? (If so, we'll do 
>it.)
>
>-- 
>
>Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
>W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Monday, 28 January 2002 23:54:25 UTC