On Thu, 15 Aug 2002, Housley, Russ wrote: > http://ftp.ietf.org/internet-drafts/draft-housley-ccm-mode-00.txt > > It contains a specification for an authenticated encryption mode.
While this merging is alluded to in the OCB paper and elsewhere, I still found the idea of the CCM mode interesting. It is taking two separate modes and merging them into one. It is performing authentication (CBC-MAC) then encryption (CTR), and, while I have not seen the details of the security of this scheme, I imagine it is somewhat focused on the notions outlined in the Krawczyk papers last year. I think this "expansion" of modes is a beneficial move. Instead of allowing protocol designers to attempt to figure out the proper ways to merge authentication and encryption modes, modes are being designed that cover the proper use of both. This is a good thing. Of course, I am not ignoring modes like OCB that use "blended constructs" to perform both encryption and authentication. Such modes can achieve the benefits of "merged modes" with potentially more efficiency. -Andrew --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
