83   Data Protection Algorithm list needs expanding

Created: 03 Dec 2024

Status: Triage

Part: Part 5 (2023, Edition 1, IS)

Links:

Page: 72

Clause: 8.4.2.4.4

Paragraph: 2

Issue

The Data Protection Algorithm list item number 11 is "AEAD-AES-256-GCM encryption" which is for encrypted payloads only. It is recommended that AES-256-GMAC be added for non-encrypted payloads. It is a single pass algorithm when encryption is not being performed and generates a tag field that is siilar in all respects to the AES-256-GCM tag field.

Proposal

Proposed solution.
Add an entry "12 := AES-256-GMAC (serial and networked)" and change the entry <12..127>:=... to <13..127>:=...

Discussion Created Status
I am OK with the proposal. But, if we add the GMAC algorithm to section 8.4.2.4.4, we should also add it to the list in section 8.3.5.4.5

I think it makes sense to do this. This way you can choose to only implement the AES primitive and use that for both integrity protection and encryption if you need it or want it. 		05 Dec 24 Triage

 

Privacy | Contact | Disclaimer

Tissue DB v. 25.7.7.1