
Re: Granularity of authentication in swIPe




Steve Kent says:
> 	I think the best approach is to let sequence numbers be
> sequence numbers, and not try to load other requirements on them.  As
> you observed, different encryption algorithms and modes of use have
> different requirements for IVs and IPSP should be algorithm independent.

That might be reasonable at some times, and not the most efficient
strategy at others. I'd say that since the contents of a swIPe packet
are basically opaque it is up to the people standardizing the use of
any particular cipher with swIPe and not a proper part of swIPe per
se. After all, to an outside observer, there is no way to know what
cipher, IV, or anything else is in use with a particular policy.

I will agree, however, that there will certainly be instances in which
a sequence number is not a reasonable IV.

Perry

