On Mar 7, 2006, at 6:11 PM, Matt Ball wrote:
Propose that bullet 3 in section 3.1 be reworded to: 3.1 "Plaintext P
shall have a length from 1 to 2^24"
It might be better to not impose any limit, but rather let the
particular
application define a limit. 16 MB is a customary limit in SCSI tape
drives, but we don't necessarily need to specify this limit in 1619.1.
I believe the CCM spec limits the plaintext to at most 2^64 bytes.
We should probably change the upper limit to 2^64. A particular
implementation may impose other limits, as appropriate.
(If we allow 'authenticate-only', we'd also have to allow for zero
bytes
of plaintext.)
This impacts the nonce size. going to an upper limit of 2^64 reduces
the usable nonce length from 12 bytes to 7. A pretty dramatic change.
Propose that bullet 3 in section 4.1 be reworded to: 4.1 "Plaintext P
shall have a length from 1 to 2^36-32 bytes".
I removed the 'record' language from this statement.
(Again, if we're supported 'authenticate-only', we need to support
zero
bytes of plaintext. I'll change that)
Really... Didn't know that a 0 length record is possible.
Propose to strike "the third bullet above shall not encrypt a partial
media record with a separate IV and authentication tag, and" from
section 3.1. Propose to strike "the last bullet above shall
not encrypt
a partial media record with a separate IV and authentication tag,
and"
from section 4.1.
I think it still makes sense to prevent encrypting partial records.
We just have to make it clear that the records we're referring to are
not necessarily media records.
I really don't understand this.
Jim
