
Re: Granularity of authentication in swIPe



   Date: Fri, 17 Jun 94 16:10:11 -0400
   From: Steve Kent <kent@BBN.COM>

   Phil,

	   As Ted Ts'o pointed out in a private message, the use of the
   LEAF with SKIPJACK is a good example where an "IV" cannot be just a
   sequence number.  Certainly you wouldn't want IPSP to not be
   compatible with FIPS 185 :-)!  SKIPJACK wasn't the example I had in
   mind, but it is representative of crypto hardware that insists on
   generating the IV itself, to minimize the possibility of repeating
   an IV already used under a given key.

Disclaimer --- I didn't say that this would be a good reason to allow
for non-random IV in IPSP --- I just asked Steve, somewhat tongue in
cheek, whether this was the "structured IV" that he was thinking about.  :-)

The sad fact of the matter is that even if FIPS 185 isn't a good reason
to allow for non-random IV's, my guess is that it's not the only form of
classified encryption hardware that requires users to use a machine
generated IV, and we probably should allow for them in our design.

Although some might consider it a feature if we designed a protocol
which precluded the use of FIPS 185, I don't think we can get away with
it this time....

						- Ted

