[11538] in cryptography@c2.net mail archive
Re: CCM Mode
daemon@ATHENA.MIT.EDU (despot@crosswinds.net)
Sat Aug 17 20:36:47 2002
From: despot@crosswinds.net
To: cryptography@wasabisystems.com
Date: Sat, 17 Aug 2002 19:18:36 -0400 (EDT)
On Thu, 15 Aug 2002, Housley, Russ wrote:
> http://ftp.ietf.org/internet-drafts/draft-housley-ccm-mode-00.txt
>
> It contains a specification for an authenticated encryption mode.

While this merging is alluded to in the OCB paper and elsewhere, I still
found the idea of the CCM mode interesting. It is taking two separate modes
and merging them into one. It is performing authentication (CBC-MAC) then
encryption (CTR), and, while I have not seen the details of the security of
this scheme, I imagine it is somewhat focused on the notions outlined in the
Krawczyk papers last year.

I think this "expansion" of modes is a beneficial move. Instead of allowing
protocol designers to attempt to figure out the proper ways to merge
authentication and encryption modes, modes are being designed that cover the
proper use of both. This is a good thing.

Of course, I am not ignoring modes like OCB that use "blended constructs" to
perform both encryption and authentication. Such modes can achieve the
benefits of "merged modes" with potentially more efficiency.

-Andrew
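
The composition described in the message above (CBC-MAC over the plaintext, then CTR encryption of the message and the tag), as an added example that is not part of the original post or of the draft. It assumes the block layout of RFC 3610 with no associated data; `E` is a hash-based Feistel stand-in for AES so the code runs on the standard library alone, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac

M, L = 8, 2  # tag bytes and length-field bytes (RFC 3610 parameter names)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def E(key, block):
    """Stand-in 128-bit block cipher (4-round Feistel over SHA-256), NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def counter_block(nonce, i):
    return bytes([L - 1]) + nonce + i.to_bytes(L, "big")

def cbc_mac(key, nonce, msg):
    flags = 8 * ((M - 2) // 2) + (L - 1)  # Adata bit clear: no associated data
    # Block B_0 binds the nonce and the message length into the MAC.
    x = E(key, bytes([flags]) + nonce + len(msg).to_bytes(L, "big"))
    padded = msg + b"\x00" * (-len(msg) % 16)
    for i in range(0, len(padded), 16):
        x = E(key, xor(x, padded[i:i + 16]))
    return x[:M]

def keystream(key, nonce, n):
    # Counter values 1.. encrypt the message; counter 0 is reserved for the tag.
    return b"".join(E(key, counter_block(nonce, i)) for i in range(1, n // 16 + 2))

def seal(key, nonce, msg):
    if len(nonce) != 15 - L:
        raise ValueError("nonce must be 15 - L bytes")
    tag = cbc_mac(key, nonce, msg)                    # 1. authenticate plaintext
    body = xor(msg, keystream(key, nonce, len(msg)))  # 2. CTR-encrypt message
    return body + xor(tag, E(key, counter_block(nonce, 0)))  # 3. mask the tag

def unseal(key, nonce, sealed):
    body, masked = sealed[:-M], sealed[-M:]
    msg = xor(body, keystream(key, nonce, len(body)))
    tag = xor(masked, E(key, counter_block(nonce, 0)))
    # Release plaintext only if the recomputed CBC-MAC matches.
    return msg if hmac.compare_digest(tag, cbc_mac(key, nonce, msg)) else None

# Constructed sample values, for illustration only.
KEY, NONCE = bytes(range(16)), bytes(13)
SEALED = seal(KEY, NONCE, b"pay 100 to account 42")
TAMPERED = bytes([SEALED[0] ^ 0x01]) + SEALED[1:]
print(unseal(KEY, NONCE, SEALED), unseal(KEY, NONCE, TAMPERED))
```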