Niels Möller wrote:
b) Allow a MAC algorithm to depend on encrpytion algorithm properties, in the way that keyex algorithms depend on properties of host key algorithms. This means that such an algorithm can be considered only if the selected encryption algorithm has whatever property it depends on. Then specify a single do-nothing MAC algorithm which depends on AEAD encrpytion algorithm.This makes sense to me. I'd prefer this option, then. The name could be "none-if-aead".
I must say I really hate this one. Instead of one simply defined "magic" cipher algorithm name that would have, if selected, a side effect of abolishing MAC, we would have a "magic" MAC name with much more complicated interdependency to cipher list.
To make it even more clear, the cipher name for aead could me something like "aes128-aead-nomac". Then if someone likes to implement aead with additional mac (I don't know why anyone would do that) then "aes128-aead%foo.bar@localhost" kind of name could be used.
-- Timo J. Rinne <tri%ssh.com@localhost> Valimotie 17 +358 20 500 7000 T Chief Technology Officer FIN-00380 Helsinki +358 20 500 7397 F SSH Communications Security Corp. Finland http://www.ssh.com