On Mar 8, 2006, at 3:47 PM, Matt Ball wrote:
Propose that bullet 3 in section 4.1 be reworded to: 4.1=20
"Plaintext P
shall have a length from 1 to 2^36-32 bytes".
I removed the 'record' language from this statement.
(Again, if we're supported 'authenticate-only', we need to
support =20
zero
bytes of plaintext. I'll change that)
=20
Really... Didn't know that a 0 length record is possible.
A zero length plaintext is possible when running in authenticate-only.
In this case, there is not plaintext and all the data becomes AAD.
It's really more of a point of semantics. If it makes more sense,
I could clarify this point in the document.
Please do. I still do not understand a 0 length plaintext even in the
authenticate only mode. SCSI records can not be 0 length... If 0
length LTO datasets can be 0, maybe se should add this?
Propose to strike "the third bullet above shall not=20
encrypt a partial
media record with a separate IV and authentication tag, and" from
section 3.1. Propose to strike "the last bullet above shall
not encrypt
a partial media record with a separate IV and authentication
tag, =20
and"
from section 4.1.
I think it still makes sense to prevent encrypting partial records.
We just have to make it clear that the records we're=20
referring to are
not necessarily media records.
=20
I really don't understand this.
The main problem here is a matter of terminology. Using the term
'record' is probably a poor choice for describing the 'basic
encryption unit' because people think of 'media records'. The
two units should generally equate but this isn't necessary.
Maybe we could change the document to use a different term like
'Authenticated Block'.
Let me try an example. Take for instance the LTO-1 format, as
specified in ECMA-319. An LTO-1 tape drive will take a group of
host records, compress them, then place the compressed data into=20
a 'Data Set'. Each Data Set is then written to tape as a single
unit. In this architecture, a perfectly legitimate implementation
would be to encrypt on a Data Set basis instead of a Record
basis. Since the LTO-1 tape drive already needs to decompress a
Data Set as a group, why not decrypt it as well? In this
implementation, the basic encryption unit would be the 'data set',
and it would then be the responsibility of higher-level processing
to reassemble the decrypted and decompressed records.
OK. Yes. In a standard all that matters is the words and their meanings.
The goal of this statement is that the records that the customer gave
the drive are fully encrypted. I would suggest that encryption at the
LTO dataset level is perfectly acceptable provided that the entire
customer content is protected. I would not want to exclude this as a
possibility for the ECMA people to standardize. The arguments on
whether or not to do this can occur in that organization. A "beyond
the scope" statement may be valuable here.
I am guessing that, in LTO speak, The encryption of metadata
describing the dataset does not need to be encrypted...
Thanks. I appreciate the comments.
Jim
-Matt
