[gnutls-devel] GnuTLS | Support for AES-GCM-SIV (#1356)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Apr 25 17:36:41 CEST 2022



Miroslav Lichvar created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1356



## Description of the feature:
AES-GCM-SIV is a nonce misuse-resistant authenticated encryption algorithm specified in
[RFC 8452](https://datatracker.ietf.org/doc/html/rfc8452). When compared to AES-SIV-CMAC, which is already supported in gnutls, it is faster and uses shorter keys.

## Applications that this feature may be relevant to:
The Network Time Security (NTS) protocol requires AES-SIV-CMAC, but it can negotiate a different AEAD. The length of the cookies exchanged in NTS-protected NTP packets is determined by the SIV algorithm.

There is an issue with some major ISPs: they block NTP packets longer than 200 bytes as a mitigation for some DDoS attacks exploiting the monitoring protocol of ntpd. If the servers and clients supported AES-GCM-SIV, the typical NTS-protected NTP packet would be shorter than 200 bytes and would not be blocked by the ISPs, greatly improving the reliability.

## Is this feature implemented in other libraries (and which)
No widely used crypto library seems to have this implemented yet.

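To show what the requested primitive actually does, here is an added, from-scratch Python rendering of the RFC 8452 AES-GCM-SIV construction; it is not code from the issue, from GnuTLS or from NTS, and it assumes the `cryptography` package only for the raw AES block function. The tag is AES(enc_key, POLYVAL(auth_key, padded AAD || padded plaintext || lengths) XOR nonce) and then seeds CTR mode, so a reused nonce with the same message yields the same ciphertext and reveals only that equality, not the keystream.

```python
import hmac, struct
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
POLY = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1  # POLYVAL field polynomial

def aes_block(key, block):  # raw single-block AES (ECB over exactly one block)
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()
def polyval(h, data):  # S_j = dot(S_{j-1} ^ X_j, H), dot(a, b) = a * b * x^-128; little-endian bit order
    h, s = int.from_bytes(h, "little"), 0
    for off in range(0, len(data), 16):
        a, r = s ^ int.from_bytes(data[off:off + 16], "little"), 0
        for i in range(128):  # carry-less multiply a * h (256-bit result)
            if (h >> i) & 1:
                r ^= a << i
        for i in range(255, 127, -1):  # reduce modulo POLY
            if (r >> i) & 1:
                r ^= POLY << (i - 128)
        for _ in range(128):  # multiply by x^-128 (divide by x 128 times)
            r = (r ^ POLY if r & 1 else r) >> 1
        s = r
    return s.to_bytes(16, "little")
def derive_keys(key, nonce):  # per-nonce keys from AES(key, le32(i) || nonce): 4 blocks for AES-128, 6 for AES-256
    blocks = [aes_block(key, struct.pack("<I", i) + nonce)[:8] for i in range(2 + len(key) // 8)]
    return b"".join(blocks[:2]), b"".join(blocks[2:])  # (message authentication key, message encryption key)
def pad16(b):
    return b + bytes(-len(b) % 16)

def compute_tag(auth_key, enc_key, nonce, aad, pt):
    s = bytearray(polyval(auth_key, pad16(aad) + pad16(pt) + struct.pack("<QQ", 8 * len(aad), 8 * len(pt))))
    for i in range(12):  # XOR in the nonce, then clear the top bit of the last byte
        s[i] ^= nonce[i]
    s[15] &= 0x7F
    return aes_block(enc_key, bytes(s))
def ctr_xor(enc_key, tag, data):  # CTR keystream seeded by the tag; 32-bit little-endian counter in bytes 0..3
    ctr, out = bytearray(tag[:15] + bytes([tag[15] | 0x80])), bytearray()
    c0 = struct.unpack("<I", ctr[:4])[0]
    for off in range(0, len(data), 16):
        ctr[:4] = struct.pack("<I", (c0 + off // 16) & 0xFFFFFFFF)
        out += bytes(x ^ y for x, y in zip(data[off:off + 16], aes_block(enc_key, bytes(ctr))))
    return bytes(out)
def gcm_siv_encrypt(key, nonce, aad, pt):  # returns ciphertext || 16-byte tag
    auth_key, enc_key = derive_keys(key, nonce)
    tag = compute_tag(auth_key, enc_key, nonce, aad, pt)
    return ctr_xor(enc_key, tag, pt) + tag
def gcm_siv_decrypt(key, nonce, aad, ct):  # raises ValueError when the tag does not verify
    if len(ct) < 16: raise ValueError("ciphertext shorter than the tag")
    auth_key, enc_key = derive_keys(key, nonce)
    pt = ctr_xor(enc_key, ct[-16:], ct[:-16])
    if not hmac.compare_digest(compute_tag(auth_key, enc_key, nonce, aad, pt), ct[-16:]):
        raise ValueError("AES-GCM-SIV authentication failed")
    return pt
```

Because the tag is computed before encryption, the decrypt side must run CTR first and then recompute the tag over the recovered plaintext; the constant-time compare keeps a forged tag from leaking through timing.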

