> We have some challenges.
>
> The CCM spec does not allow long IVs.
>
> Thinking out loud... If we do not want to use SHA-1, would it be
> possible to K2 = E_k1(id) or K2 = E_id(k11) where k1 is the key
> provided, id is a 16 byte is vendor unique (or standard name) and K2
> is the actual media key. This way, we don't introduce a new
> algorithm into the standard? (more algorithms, more potential weaknesses).

Can we just drop CCM from the draft at this time?

I was surprised to find CCM added to the draft that was presented at the last working group meeting. I assume that adding CCM was discussed before I joined the mailing list. If so, sorry!

So, why do we need both CCM and GCM?

If someone really wants to keep CCM, then please send out some Rationale text that would be suitable for inclusion into the appendix.

chongo () /\oo/\