Technical Summary
This document defines algorithms for authenticated encryption with
additional authenticated data (AEAD), and defines a uniform interface
and a registry for such algorithms. The interface and registry can
be used as an application-independent set of cryptoalgorithm suites.
This approach provides advantages in efficiency and security, and
promotes the reuse of crypto implementations. This document
is referenced by the TLS 1.2 draft as a normative dependency, which has
the benefit of establishing a uniform, well-documented, and well-reviewed
interface to authenticated encryption algorithms in TLS.
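The shape of the uniform AEAD interface the summary refers to (key, nonce, plaintext and associated data in; ciphertext out; plaintext or FAIL on decryption), as an added illustration that is not part of this write-up or of the document it describes. The encrypt-then-MAC construction over HMAC-SHA256 below is an assumed stand-in so the example runs with the Python standard library; it is not one of the document's registered algorithms, and all function and constant names are the example's own.

```python
import hashlib
import hmac

TAG_LEN = 16  # truncated HMAC-SHA256 tag; an assumption for this example


def _subkeys(key: bytes) -> tuple:
    # Derive separate encryption and authentication keys from K.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream: HMAC(enc_key, N || counter). Because the stream
    # depends only on (K, N), the interface requires N to be distinct per message.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _tag(mac_key: bytes, nonce: bytes, assoc: bytes, ct: bytes) -> bytes:
    # Authenticate A, N and C; A's length is encoded so the A/C boundary is unambiguous.
    msg = len(assoc).to_bytes(8, "big") + assoc + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG_LEN]


def aead_encrypt(key: bytes, nonce: bytes, plaintext: bytes, assoc: bytes) -> bytes:
    # AEAD_ENCRYPT(K, N, P, A) -> C. A is authenticated but not encrypted;
    # the tag is carried inside C, so no separate output is needed.
    enc_key, mac_key = _subkeys(key)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ct + _tag(mac_key, nonce, assoc, ct)


def aead_decrypt(key: bytes, nonce: bytes, ciphertext: bytes, assoc: bytes):
    # AEAD_DECRYPT(K, N, C, A) -> P, or None to signal FAIL. The tag is checked
    # in constant time before any plaintext is derived or released.
    if len(ciphertext) < TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    ct, tag = ciphertext[:-TAG_LEN], ciphertext[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, assoc, ct)):
        return None
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))
```

A caller that changes either the ciphertext or the associated data gets FAIL rather than a partially decrypted message, which is the property that makes the interface safe to reuse across protocols.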
Working Group Summary
This document is a personal submission, but was discussed at length on the
CFRG email list. This draft reflects the CFRG's feedback. Revisions have
narrowed the scope of the document and aligned it more with some
existing practice, while at the same time removing a couple of
restrictions that the theoretical community objected to.
Protocol Quality
This specification was reviewed for the IESG by Tim Polk.
Note to RFC Editor
Please make the following change in section 8, first sentence of paragraph 2.
OLD:
AEAD algorithms that rely on distinct nonces MAY NOT be appropriate
for some applications or for some scenarios.
NEW:
AEAD algorithms that rely on distinct nonces may be inappropriate
for some applications or for some scenarios.
This document also contains a normative reference to [GCM], a standard
that is in progress at another standards development organization. Final
publication is expected in November 2007. Please confirm final
publication of NIST Special Publication 800-38D "Recommendation for Block
Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC" before
publishing this RFC. To verify the status of 800-38D, please contact
<morris.dworkin@nist.gov>. Please CC <tim.polk@nist.gov> on the
message.