Re: Granularity of authentication in swIPe
Date: Fri, 17 Jun 94 16:10:11 -0400
From: Steve Kent <kent@BBN.COM>
Phil,

As Ted Ts'o pointed out in a private message, the use of the
LEAF with SKIPJACK is a good example where an "IV" cannot be just a
sequence number. Certainly you wouldn't want IPSP to not be
compatible with FIPS 185 :-)! SKIPJACK wasn't the example I had in
mind, but it is representative of crypto hardware that insists on
generating the IV itself, to minimize the possibility of repeating
an IV already used under a given key.

Disclaimer --- I didn't say that this would be a good reason to allow
for non-random IV in IPSP --- I just asked Steve, somewhat tongue in
cheek, whether this was the "structured IV" that he was thinking about. :-)

The sad fact of the matter is that even if FIPS 185 isn't a good reason
to allow for non-random IV's, my guess is that it's not the only form of
classified encryption hardware that requires users to use a machine
generated IV, and we probably should allow for them in our design.

Although some might consider it a feature if we designed a protocol
which precluded the use of FIPS 185, I don't think we can get away with
it this time....

- Ted