IETF-SSH archive


Re: Core draft last call update.



On Mon, Mar 11, 2002 at 09:22:05AM +0000, David Wagner wrote:
> Markus Friedl wrote:
> >As to CTR: AFAIK in CTR mode the handling, formatting of the counter
> >needs some work before we can agree, e.g. the proposal for aes128-ctr in
> >IPsec makes size(ciphertext) != size(plaintext), so CTR should not be
> >added now, because it will delay the process significantly.
> >
> >So, if we would need a spec for OFB/CFB (with cipher block-sized
> >feedback) soon.
> 
> Hmm.  I must admit I'm a little confused: what are the reasons to
> prefer OFB mode over CTR mode?  Are there some security reasons?  Is it
> something else?  I don't see anything terribly wrong with OFB mode,
> but I'd like to understand why it is preferred over CTR mode.

my point is that for CTR there is no common format (e.g.
how is the counter encoded, etc) whereas a spec for OFB mode
is simpler.

> P.S. I assumed that if there is a known security weakness, it would be
> disclosed in the RFC, so I'm surprised that you consider it a bad thing to
> have a paragraph describing the weakness.

i think it's bad to have such a paragraph without offering
alternative cipher modes.
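
Added example, not part of the original message or of any SSH draft: a Python sketch of the counter-format point discussed above. Two CTR implementations that agree on the key and the initial counter bytes, but not on how the counter is encoded as an integer, diverge after the first block, while OFB with block-sized feedback has no such parameter. block_fn is a stand-in (HMAC-SHA256 truncated to 16 bytes) for the forward direction of a 128-bit block cipher; the key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, as for a 128-bit block cipher


def block_fn(key: bytes, block: bytes) -> bytes:
    # Assumption: stand-in PRF. CTR and OFB only use the forward direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ctr_keystream(key: bytes, iv: bytes, nblocks: int, byteorder: str) -> bytes:
    # CTR: encipher successive counter values. `byteorder` is the detail
    # that a spec has to pin down before two implementations interoperate.
    start = int.from_bytes(iv, byteorder)
    out = b""
    for i in range(nblocks):
        counter = (start + i) % (1 << (8 * BLOCK))  # wrap at 2^128
        out += block_fn(key, counter.to_bytes(BLOCK, byteorder))
    return out


def ofb_keystream(key: bytes, iv: bytes, nblocks: int) -> bytes:
    # OFB with block-sized feedback: the previous output block is the next
    # input, so there is no counter encoding to agree on.
    out, state = b"", iv
    for _ in range(nblocks):
        state = block_fn(key, state)
        out += state
    return out


def xor(data: bytes, keystream: bytes) -> bytes:
    # Stream encryption and decryption are the same operation.
    return bytes(a ^ b for a, b in zip(data, keystream))


if __name__ == "__main__":
    key = b"constructed key!"   # constructed sample value
    iv = bytes(range(BLOCK))    # constructed sample value
    msg = b"constructed sample packet payload, 3 blocks long"
    sender = ctr_keystream(key, iv, 3, "big")
    receiver = ctr_keystream(key, iv, 3, "little")
    ct = xor(msg, sender)
    print("ciphertext length == plaintext length:", len(ct) == len(msg))
    print("first block agrees:", sender[:BLOCK] == receiver[:BLOCK])
    print("later blocks agree:", sender[BLOCK:] == receiver[BLOCK:])
    print("receiver recovers message:", xor(ct, receiver) == msg)
```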


