
Re: Internet Protocol Security Protocol (ipsec)



>pseudo-random seed value, but it fails to provide unpredictable error
>propagation, an important feature in support of detecting modification

If everyone else on this list is familiar with the phrase "unpredictable
error propagation" then obviously I'm a bit behind. However, the only
way to learn on an IETF list is to make a fool of yourself. It's worked
for me in the past!

Let me guess. Unpredictable error propagation means that if someone
changes a bit in a packet then the decrypted stream will not just
be temporarily wrong but will stay completely wrong from then on.
This increases the chance that the underlying process will die
rather than do something subtly wrong.

As a data integrity check this seems incredibly crude. Wouldn't it
be better to add separate integrity checking as well?

Also doesn't it put you at risk of having your network layer drop out
after a hardware glitch? The upper layer protocols might have recovered
happily from the glitch but you don't give them a chance.

Alternatively I'm sure we can devise a system that allows substantial
precomputation but still has feedback at the last minute that doesn't
require a lot of overhead. I still think precomputation is essential
for high speed encryption/decryption, which is in turn essential for
network layer encryption.

Bob Smart
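
The trade-off raised in the message above, as an added example that is not part of the original post: a pad that can be precomputed has fully predictable error propagation, and a separate integrity check rejects only the damaged packet. The message names no cipher, so the SHA-256 counter keystream, the HMAC tag, the function names, keys, nonces and payloads are all assumptions made for illustration.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    # Toy pad: SHA-256 over key, nonce and a counter. It depends on no
    # packet data, so it can be computed before the packet arrives.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt with the precomputed pad, then tag nonce + ciphertext.
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_checked(enc_key, mac_key, nonce, ct, tag):
    # Verify the tag first; a modified packet is rejected (None).
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def changed_bits(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def demo():
    # Constructed keys, nonces and payloads, for illustration only.
    enc_key, mac_key = b"E" * 32, b"M" * 32
    first, second = b"constructed payload one", b"constructed payload two"
    ct1, tag1 = seal(enc_key, mac_key, b"nonce-1", first)
    ct2, tag2 = seal(enc_key, mac_key, b"nonce-2", second)
    damaged = bytes([ct1[0] ^ 0x01]) + ct1[1:]   # one bit changed in transit
    # No integrity check: exactly the same single bit changes in the plaintext.
    unchecked = xor(damaged, keystream(enc_key, b"nonce-1", len(damaged)))
    return {
        "bits_changed_unchecked": changed_bits(first, unchecked),
        "damaged_packet": open_checked(enc_key, mac_key, b"nonce-1", damaged, tag1),
        "next_packet": open_checked(enc_key, mac_key, b"nonce-2", ct2, tag2),
    }

if __name__ == "__main__":
    print(demo())
```

The damaged packet is dropped while the next one still decrypts, so a single glitch costs one packet and the upper layers can recover it.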

