
Re: Granularity of authentication in swIPe



Ted,

	If you pass a pointer to the IPSP header to a crypto module,
then that module must be able to look through the IPSP header to
locate the beginning of the encrypted data, at the least.  If you want
to make use of the "sequence number as IV hack," then the crypto
module has to locate the sequence number and the beginning of the
encrypted data.  Both of these are examples of what I meant by parsing
the IPSP header.  That's in contrast to passing a pointer to the
beginning of the encrypted data to the crypto module, and letting it
be independent of the IPSP header format.  I agree that you can add a
layer of indirection to this processing to handle the IPSP header
parsing between the mainline IPSP routine and the crypto module, but
that does strike me as not so clean.

	Perhaps another way to look at this is to note that using a
sequence number as IV may require the sequence number to be much
larger than otherwise would be required.  Does this mean that an IPSP
implementation must be able to do arithmetic on this large field, or
do we send a more reasonable size sequence number and zero fill it on
the left to make the requisite IV size, or what?  I'm just not
convinced that this "dual use" approach to sequence numbers is a good
idea.

Steve
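
The layering discussed in the message above, as an added example that is not part of the original post: a thin routine parses the header once, zero-fills the sequence number on the left to form the IV, and hands the crypto module only an IV and a pointer to the encrypted data. The header layout, the 64-bit IV size, and the names `crypto_input`, `seq_to_iv` and `ipsp_prepare` are assumptions made for illustration, not the swIPe/IPSP format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header layout, NOT the swIPe/IPSP wire format:
 * byte 0 = header length in bytes, bytes 1-3 reserved,
 * bytes 4-7 = big-endian sequence number, encrypted data follows. */
#define HDR_MIN 8
#define IV_LEN  8   /* assumed 64-bit IV */

/* All the crypto module sees: nothing here depends on the header format. */
struct crypto_input {
    uint8_t        iv[IV_LEN];
    const uint8_t *data;
    size_t         data_len;
};

/* Zero-fill the 32-bit sequence number on the left to IV size. */
static void seq_to_iv(const uint8_t seq_be[4], uint8_t iv[IV_LEN])
{
    memset(iv, 0, IV_LEN - 4);
    memcpy(iv + IV_LEN - 4, seq_be, 4);
}

/* Indirection layer: parse the header once, bounds-check it, and hand on
 * only an IV and the encrypted data. Returns 0, or -1 if malformed. */
int ipsp_prepare(const uint8_t *pkt, size_t pkt_len, struct crypto_input *out)
{
    if (pkt == NULL || out == NULL || pkt_len < HDR_MIN)
        return -1;
    size_t hdr_len = pkt[0];
    if (hdr_len < HDR_MIN || hdr_len > pkt_len)
        return -1;              /* header shorter than fixed part or past end */
    seq_to_iv(pkt + 4, out->iv);
    out->data = pkt + hdr_len;
    out->data_len = pkt_len - hdr_len;
    return 0;
}

int main(void)
{
    /* Constructed packet: 8-byte header, sequence 0x00000102, 4 data bytes. */
    const uint8_t pkt[] = { 8, 0, 0, 0, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 0xbe, 0xef };
    struct crypto_input in;
    if (ipsp_prepare(pkt, sizeof pkt, &in) != 0)
        return 1;
    printf("iv tail %02x%02x, %zu data bytes\n", in.iv[6], in.iv[7], in.data_len);
    return 0;
}
```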

