Currently GPSK makes an implicit assumption that the MAC output size will be the same as the key size. This will not always be the case as it is possible for the MAC output size to be different than the key size. For example it has been pointed out that AES-CMAC-256 has a 128 bit output.
It seems that we have 2 choices: 1) Leave the key size and MAC size linked as they are and note the limitation. The current draft does this in section 4. This imposes limitations on the types of cipher suites defined. 2) Make key size and MAC size independent. This would require some changes in the document. This would at least require changes to section 4 (remove text about limitation), section 6 (add MAC length parameter to table), section 7 (use MAC length instead of KS when determining the number of output blocks), section 9.3 (fix the MAC length), section 13 (cipher suites need to define MAC length). Which solution do you prefer? Thanks, Joe _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
