[OpenTRV-dev] Fwd: Comments on proposed securable OpenTRV frame format very welcome...

Damon Hart-Davis damon at opentrv.uk
Mon Dec 21 17:44:26 GMT 2015

Comments on the frame format, echoing what some of you have already said.



> Begin forwarded message:
> From: Paul Galwas 
> Subject: Re: Comments on proposed securable OpenTRV frame format very welcome...
> Date: 21 December 2015 at 15:33:27 GMT
> Hi Damon,
> Things look to be progressing well. A couple of comments:-
> 1) ‘tr	else security info (such as authentication tag) and possibly
> padding’:
> I’m concerned that with no CRC when the payload is encrypted there will be
> no way to detect corruption of the header fields, and the bodyLength
> (‘bl’) in particular. However, I’ve not thought through in detail the
> possibly ramifications and impact - especially from malicious corruption.
> 2) 'Construction and use of IV/nonce’:
> I’m concerned that this construction of IV may be flawed, and suggest
> checking against Appendix A, Recommendation
> for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC,
> NIST Special Publication 800-38D, November 2007, NIST
> http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
> I believe that the uniqueness condition is not met. One alternate approach
> would be to XOR with a random nonce, e.g. see Sect 9.1, AES-GCM
> Authenticated Encryption in Secure RTP (SRTP),
> draft-ietf-avtcore-srtp-aes-gcm-16, 5 June 2015,
> https://tools.ietf.org/pdf/draft-ietf-avtcore-srtp-aes-gcm-16.pdf

More information about the OpenTRV-dev mailing list