
No Subject




Steve Kent says:
> 	I think you may have misinterpreted Phil's point.  The use of
> a signed or encrypted hash, at any layer, is still an application of
> crypto for authentication and integrity and thus subject to different
> export controls than crypto useful for generic confidentiality.

Perhaps I did misinterpret him a bit, but I frankly don't care about
export controls, and neither should anyone else in this context. Not
all of the world is run by the NSA. Outside the US there are plenty of
smart people that can reimplement the cryptography specified in any RFCs
we produce, in spite of the pretense on the part of our "friends" in
Washington that only Americans can implement cryptography software
from specs. There is thus no reason to limit ourselves in any way.

> 	Confidentiality is applied in many link layer contexts without
> benefit of cryptographic authentication.  However, depending on the
> mode of use of cryptography, and the underlying error detection
> mechanism, your statement about confidentiality being equivalent to
> crypto-based authentication may be false.  For example, use of DES in
> OFB mode offers no protection against modification (through
> unpredictable error propagation)

That's true, which is why checksums, CRCs, MD5s, etc, were
invented. One always encrypts them if possible. They end up being a
natural part of algorithms like swIPe -- they are built in by happy
coincidence because the underlying protocols will checksum and they
get encapsulated.

In any case, OFB is a strange special case, and shouldn't be used
anyway except under unusual circumstances -- and even then if one is
talking about IP security one can presumably checksum.

Perry
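
Added example, not part of either poster's message: a receiver-side comparison of the two integrity checks discussed in this thread when the cipher runs in OFB mode, an encrypted CRC versus a keyed MAC over the ciphertext. SHA-256 stands in for DES as the keystream function, and the keys, IV, message and all function names are constructed for illustration.

```python
import hashlib, hmac, zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Output feedback: the keystream never depends on the data, so
    # encrypt and decrypt are the same XOR. SHA-256 stands in for the
    # block cipher here (assumption; the thread's example is DES).
    stream, block = b"", iv
    while len(stream) < len(data):
        block = hashlib.sha256(key + block).digest()
        stream += block
    return xor(data, stream)

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")

def open_crc(key, iv, ct):
    # Receiver for "encrypt the checksum": decrypt, then compare CRCs.
    pt = ofb(key, iv, ct)
    return pt[:-4] if crc(pt[:-4]) == pt[-4:] else None

def open_mac(enc_key, mac_key, iv, blob):
    # Receiver for encrypt-then-MAC: verify the keyed tag before decrypting.
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return ofb(enc_key, iv, ct) if hmac.compare_digest(tag, good) else None

def demo():
    k_enc, k_mac, iv = b"K" * 16, b"M" * 16, b"\x00" * 8   # constructed values
    old, new = b"route 10.0.0.0/8 via gw-A", b"route 10.0.0.0/8 via gw-B"
    # In-transit change computed without any key: XOR is transparent to
    # OFB, and CRC-32 is affine, so the checksum field can be adjusted too.
    delta = xor(old, new)
    fix = xor(crc(delta), crc(bytes(len(delta))))
    ct_crc = ofb(k_enc, iv, old + crc(old))
    ct = ofb(k_enc, iv, old)
    blob = ct + hmac.new(k_mac, iv + ct, hashlib.sha256).digest()
    return (open_crc(k_enc, iv, ct_crc),                     # intact
            open_crc(k_enc, iv, xor(ct_crc, delta + fix)),   # modified
            open_mac(k_enc, k_mac, iv, blob),                # intact
            open_mac(k_enc, k_mac, iv, xor(ct, delta) + blob[-32:]))  # modified

if __name__ == "__main__":
    print(demo())
```

The CRC receiver accepts the modified message as valid, while the MAC receiver returns `None` for it; both accept the untouched ciphertext.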