Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cryptography - suggested modification of 6.5.5 #2498

Open
randomstuff opened this issue Jan 2, 2025 · 3 comments
Open

Cryptography - suggested modification of 6.5.5 #2498

randomstuff opened this issue Jan 2, 2025 · 3 comments
Assignees
@danielcuthbert
Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) V6 _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@randomstuff
Copy link
Contributor

randomstuff commented Jan 2, 2025
edited
Loading

Currently we have:

6.5.5 [ADDED] Verify that any authenticated signatures are operating in encrypt-then-MAC or encrypt-then-hash modes as required.

Proposed by Bart Preneel:

6.5.5 [ADDED] Verify that any combination of an encryption algorithm and a MAC algorithm is operating in encrypt-then-MAC modes as required.

Comment:

Digital signatures are rarely combined with encryption. I would not use the term signatures for a MAC algorithm.
@randomstuff
Copy link
Contributor Author

This would change the requirement completely.

Is there any need for the original requirement? Is this used in practice?

My problem with the proposed requirement is that TLS 1.2 uses MAC-then-encrypt for non AEAD (eg. TLS_AES_128_CCM_SHA256) (unless when using some TLS extension with does not appear to be used in practice). If we have this requirement, should some provision be made for legacy/compatibility (in particular with TLS 1.2)?

@randomstuff randomstuff mentioned this issue Jan 2, 2025
Open
@elarlang elarlang added the V6 label Jan 3, 2025
@jmanico
Copy link
Member

jmanico commented Jan 3, 2025 via email

@randomstuff
Copy link
Contributor Author

I just noticed the "authenticated signatures" wording, which is weird. I think we are talking both about authenticated encryption and signcryption here (?).

@tghosth tghosth added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - prep This needs to be addressed to prepare 5.0 Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) labels Jan 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danielcuthbert danielcuthbert

Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) V6 _5.0 - prep This needs to be addressed to prepare 5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jmanico @randomstuff @danielcuthbert @tghosth @elarlang