
Re[4]: Granularity of authentication in swIPe




Perry:

In a previous message, I said:

> I see you contradicting yourself.  Perhaps I am misunderstanding you. 
> 
> On one hand, you say that you want to keep the SAID small.  You suggest 16 
> bits.  On the other hand, you want to add sequence numbers for a facility 
> which you claim is not "bulletproof."

And, you asked me to expand on my question.  I'll try.

On one hand, Phil argues for minimal overhead.  Then, on the other hand, 
Phil argues that the overhead associated with sequence numbers is 
acceptable even though the mechanism provided is not "bulletproof."

I think that the group has come to consensus that the IV cannot double as a 
sequence number in all cases.  Thus, if we are going to support sequence 
numbers as a mechanism, the IPSP must allow both the sequence number and an 
IV.

So, is Phil advocating a security protocol with minimum overhead or a 
security protocol with lots of features and more overhead?  Perhaps he wants 
a middle ground solution where a minimum overhead core feature set is 
supplemented by optional, higher overhead features.  If the middle ground 
solution is being proposed, I missed it.

Russ

P.S.  You also asked:

> BTW, is "spyrus.com" the same Spyrus that makes the SCSI based 
> reader for Tessera cards?

Yes.  We make a SCSI PCMCIA Card Adapter.  It is often used with TESSERA, 
but it can be used with any PCMCIA card.

We also make other security products, including a PCMCIA Crypto Card that 
does DES, RC4, RSA, D-H, MD2 and MD5.