[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SWIPE

To: Paal Hoff <paalh@nta.no>
Subject: Re: SWIPE
From: "Housley, Russ" <housley@spyrus.com>
Date: Fri, 04 Mar 94 10:24:10
Cc: ipsec@ans.net
Encoding: 2108 Text


Hoff:

>> You say:
>>    - It is unclear why the author introduces an additional protocol
>>      type (the IPPROTO_SWIPE).
>> 
>> Many management packages look inside packets.  There must be a protocol 
>> identifier that warns these packages that they will not be able to 
>> parse the contents of the IP datagram.  That is, the IP datagram is not 
>> carrying TCP or UDP.
>
>If this is the motivation, I see the point. Our "sniffer" is of course
>quite confused when it listens to encrypted IP traffic in our lab
>installation.

I have experienced this problem with other crypto experiments, and this 
must be solved for the IPSP to be accepted by the general Internet 
population.  Therfore, an IPPROTO_IPSP will be needed!


>> You say:
>>    - The swIPe protocol claims to support a "wide variety" of crypto 
>>      systems. Well, this wide variety actually excludes all stream 
>>      ciphers. If you use a stream-cipher, you will have to carry 
>>      some use-and-discard crypto synchronization per packet, such as 
>>      a random IV or an encrypted random packet encryption key.
>>      There is no room for this in the swIPe header. 
>>
>> Why can't you simply prepend the IV to the ciphertext?  The ciphertext 
>> will  be longer than the plaintext, but I do not see this as a problem.
>> Do you?
>
>I admit that my claim disfavors SWIPE a bit.  Surely, I can do what you
>describe. But what will be the standard way of doing it?  The problem 
>is not that SWIPE excludes the use of stream-ciphers, but it does not
>standardize the method of carrying crypto sync pr packet. I buy your
>argument, but if the ambition of SWIPE is to ease interoperability, I
>think it should specify this. I do not see it as a problem that the
>ciphertext is longer than the plaintext.

The lenght of the IV depends on the crypto algorithm that is used.  I 
recommend that the standard be that the IV prepended to the ciphertext.  
Since the recipient will know which algorithm is being used, the recipient 
will know how many octets to interpret as the IV.

Russ

Prev by Date: Re: Comments on IPSEC work
Next by Date: IETF meeting
Prev by thread: Re: Comments on IPSEC work
Next by thread: IETF meeting
Index(es):
- Main
- Thread