
Re: Granularity of authentication in swIPe



   Date: Wed, 22 Jun 94 11:20:57 -0400
   From: Steve Kent <kent@BBN.COM>

	   However, if one wants to save space in the header by reusing
   the sequence number as the IV, this is in conflict with the approach
   described above.  Rather, the IPSP would have to pass the sequence
   number field to the crypto software as an IV and that would require
   that IPSP "know" that the sequence number was being used as an IV by
   some algorithms.  That strikes me as not conducive to a modular IPSP
   design, and thus I am arguing against it.  

It depends on how you look at it.  If IPSP always passes a pointer of
the header structure to the crypto software along with the ciphertext
portion of the packet, the IPSP layer need not "know" anything about
what, if anything, some particular crypto layer might use from the
header portion of the packet.  It does have the downside of making it
harder to reuse that interface crypto layer for some other non-IPSP
layer on top --- but I'm not convinced that that level of modularity is
really all that worthwhile.

						- Ted
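
The interface discussed in this message, sketched as an added example (not part of the original mail and not swIPe or IPSP code): the IPSP layer hands every transform the same header pointer and payload, and only the transform decides whether the IV comes from the payload or from the sequence number. The header layout, all function and variable names, and the XOR stand-in cipher are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical header; field names are assumptions, not the swIPe wire format. */
struct ipsp_hdr { uint8_t type; uint32_t policy_id; uint32_t seq; };

/* Every transform gets the same arguments: header pointer plus payload.
 * get_iv fills iv[] and returns how many payload bytes it consumed, or -1. */
struct ipsp_transform {
    const uint8_t *key;
    size_t keylen;
    int (*get_iv)(const struct ipsp_hdr *h, const uint8_t *p, size_t len, uint8_t iv[8]);
};

/* Transform A: explicit IV in the first 8 payload bytes; header is ignored. */
static int iv_explicit(const struct ipsp_hdr *h, const uint8_t *p, size_t len, uint8_t iv[8]) {
    (void)h;
    if (len < 8) return -1;          /* truncated packet: no room for the IV */
    memcpy(iv, p, 8);
    return 8;
}

/* Transform B: IV derived from the header sequence number; payload untouched. */
static int iv_from_seq(const struct ipsp_hdr *h, const uint8_t *p, size_t len, uint8_t iv[8]) {
    (void)p; (void)len;
    memset(iv, 0, 8);
    for (int i = 0; i < 4; i++) iv[i] = (uint8_t)(h->seq >> (24 - 8 * i));
    return 0;
}

/* Placeholder XOR keystream standing in for a real cipher. Not secure. */
static void toy_crypt(const struct ipsp_transform *t, const uint8_t iv[8], uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] ^= t->key[i % t->keylen] ^ iv[i % 8];
}

/* IPSP layer: identical call for every transform; it never inspects the IV
 * source. Returns the offset of the processed data in buf, or -1 on error. */
int ipsp_crypt(const struct ipsp_transform *t, const struct ipsp_hdr *h, uint8_t *buf, size_t len) {
    uint8_t iv[8];
    int off = t->get_iv(h, buf, len, iv);
    if (off < 0) return -1;
    toy_crypt(t, iv, buf + off, len - (size_t)off);
    return off;
}

static const uint8_t demo_key[4] = { 0x13, 0x37, 0xc0, 0xde };   /* constructed */
const struct ipsp_transform xf_explicit = { demo_key, sizeof demo_key, iv_explicit };
const struct ipsp_transform xf_seq_iv   = { demo_key, sizeof demo_key, iv_from_seq };
```

Because the transform takes `struct ipsp_hdr *`, it cannot be dropped under a non-IPSP layer without an adapter, which is the reuse cost noted in the message.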

