[Sls-sea-dls] Exclusive CMAC use in SDLS
Sipos, Brian J.
Brian.Sipos at jhuapl.edu
Mon Nov 3 12:17:21 EST 2025
SDLS WG,
I'm posting a question to the mailing list because I'm not able to search
the mail archive and haven't come across any discussion on this topic in
recent years looking through the archives manually.
The current SDLS blue books and green book prescribe a single variation of
AES-GCM for AEAD and AES-CMAC for authentication. Was there any earlier
discussion about other authentication methods (e.g. HMAC with SHA2.) that
led to the current books? Or was it deemed more consistent to use CMAC
because of the shared AES primitive with the AEAD cipher suite?
I'm asking from the perspective of the full list of approved algorithms from
FIPS 140-3 [1] under Section 6.2.6, which includes some block cipher based
(including CMAC) and some hash based, and which primitives in that list
would be more or less acceptable to CCSDS community because of technical
limitations, required conformances, historical reasons, etc.
Thanks for any feedback or pointers to earlier mailing list discussion about
this.
Brian S.
[1]
https://csrc.nist.gov/Projects/cryptographic-module-validation-program/sp-80
0-140-series-supplemental-information/sp800-140c
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sls-sea-dls/attachments/20251103/28105f1c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6541 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/sls-sea-dls/attachments/20251103/28105f1c/attachment.bin>
More information about the SLS-SEA-DLS
mailing list