An Interface and Algorithms for Authenticated Encryption
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com> Subject: Protocol Action: 'An Interface and Algorithms for Authenticated Encryption' to Proposed Standard The IESG has approved the following document: - 'An Interface and Algorithms for Authenticated Encryption ' <draft-mcgrew-auth-enc-06.txt> as a Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-mcgrew-auth-enc-06.txt
Technical Summary This document defines algorithms for authenticated encryption with additional authenticated data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used as an application independent set of cryptoalgorithm suites. This approach provides advantages in efficiency and security, and promotes the reuse of crypto implementations. This document is referenced by the TLS 1.2 draft as a normative dependancy, which has the benefit of establishing a uniform, well-documented, and well-reviewed interface to authenticated encryption algorithms in TLS. Working Group Summary This document is a personal submission, but was discussed at length on the CFRG email list. This draft reflects the CFRG's feedback. Revisions have narrowed the scope of the document and aligned it more with some existing practice, while at the same time removing a couple of restrictions that the theoretical community objected to. Protocol Quality This specification was reviewed for the IESG by Tim Polk. Note to RFC Editor Please make the following change in section 8, first sentence of paragraph 2. OLD: AEAD algorithms that rely on distinct nonces MAY NOT be appropriate for some applications or for some scenarios. NEW AEAD algorithms that rely on distinct nonces may be inappropriate for some applications or for some scenarios. This document also contains a normative reference to [GCM], a standard that is in progress at another standards development organization. Final publication is expected in November 2007. Please confirm final publication of NIST Special Publication 800-38D "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC" before publishing this RFC. To verify the status of 800-38D, please contact <firstname.lastname@example.org>. Please CC <email@example.com> on the message.