RE: Encrypting the IV - again. Was: Re: nonce length

Hi Joseph, I am inclined to agree with your approach. It makes more sense to
use chaining schemes that have already been standardised/scrutinized/vetted.
Perhaps the right way to go about this is to propose encrypting the IV used
with CBC mode to a standards body that deals with cryptography and let them
standardise it (e.g. NIST has been running a series of workshops on modes of
operation for block ciphers http://csrc.nist.gov/encryption/modes/). 

XML Encrypt should be flexible enough to allow for any encryption chaining
scheme to be specified. Thus once CBC with IV encryption is standardised by
one of these bodies, it can be used with XML Encrypt.

Cheers

Pieter

> -----Original Message-----
> From:	Joseph Reagle [SMTP:reagle@w3.org]
> Sent:	28 January 2002 22:55
> To:	Christian Geuer-Pollmann; Donald E. Eastlake 3rd
> Cc:	Dan Lanz; xml-encryption@w3.org; blaird@microsoft.com
> Subject:	Re: Encrypting the IV - again. Was: Re: nonce length
> 
> On Monday 28 January 2002 17:09, Christian Geuer-Pollmann wrote:
> > Well, it seems to me that I do not need obvious facts to introduce
> > necessary changes into the spec but well-known names ;-((
> 
> Hi Christian, I'm not advocating that necessarily, nor that we just need a
> reference in order to accept it. In fact, I'm not opposed to encrypting the
> IV. I'm just saying that I prefer that *this* WG not take it upon itself to
> introduce a "new mode". I'm most comfortable if the issue has
> been addressed by others and it's been vetted/discussed/standardized, etc.
> 
> That's that.
> 
> So, what do other people think? Should we encrypt the IV? (If so, we'll do
> it.)
> 
> 
> -- 
> 
> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/



Received on Tuesday, 29 January 2002 04:37:53 UTC