
Re: IVs, summary of discussion



Thanks for the comments on and code excerpts from BSD. Looks like
there's no real problem in doing this.

So I take it that there's general agreement that Mode 1 encryption
(single key DES/CBC, as we've already discussed) can use the IPv4 ID
field as the IV? Remember that we intend this mode to be mandatory in
all IPSEC implementations to provide basic interoperability (only the
implementation is mandatory, not its actual use). So it's really
important that it not be too difficult to add to existing
implementations.

By the way, in the draft text I sent yesterday to Perry, I specify
that the ID value be left-justified in the 8-byte IV field, with the
remaining 6 bytes set to zero. My thinking is that the first two bytes
of a TCP or an IP header (depending on what is being encapsulated) are
usually constant from one packet to the next. This makes it fairly
unlikely that XORing in the ID field (which is incremented after every
packet) would produce the same plaintext input to DES for more than
one packet.  But the ID field could just as easily be placed elsewhere
in the IV, or it could even be repeated 4 times if
necessary. Comments?

Phil
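The IV layouts discussed above, worked through in code. This is an added illustration, not code from the original message or from any IPSEC implementation; it assumes the 8-byte DES block size, a 16-bit IPv4 ID, and a constructed 8-byte TCP header prefix as sample plaintext. It models only the CBC first-block step (first plaintext block XOR IV, the value fed to DES), since that is the quantity the argument is about, and it checks the two layouts mentioned (ID left-justified with six zero bytes, and ID repeated four times) against two packet sequences: a retransmission, where the plaintext block repeats and only the ID changes, and a case where a difference in the first two plaintext bytes happens to cancel the ID difference, which a left-justified ID cannot mask but a repeated one does.

```python
import struct

BLOCK_LEN = 8  # DES block size in bytes; also the IV length


def iv_left_justified(ip_id: int) -> bytes:
    """IV layout from the draft text: 16-bit IPv4 ID in bytes 0-1, bytes 2-7 zero."""
    return struct.pack("!H", ip_id) + b"\x00" * (BLOCK_LEN - 2)


def iv_repeated(ip_id: int) -> bytes:
    """Alternative layout mentioned in the message: the ID repeated four times."""
    return struct.pack("!H", ip_id) * (BLOCK_LEN // 2)


def first_des_input(iv: bytes, plaintext: bytes) -> bytes:
    """CBC first block: the value actually encrypted is P1 XOR IV."""
    p1 = plaintext[:BLOCK_LEN]
    assert len(p1) == BLOCK_LEN and len(iv) == BLOCK_LEN
    return bytes(a ^ b for a, b in zip(p1, iv))


def find_collisions(packets, iv_fn):
    """Return (earlier_index, later_index) pairs whose first DES input repeats.

    packets: sequence of (ipv4_id, encapsulated_plaintext) tuples.
    iv_fn:   one of the IV layout functions above.
    """
    seen = {}
    collisions = []
    for idx, (ip_id, plaintext) in enumerate(packets):
        x = first_des_input(iv_fn(ip_id), plaintext)
        if x in seen:
            collisions.append((seen[x], idx))
        else:
            seen[x] = idx
    return collisions


# Constructed sample plaintext: first 8 bytes of a TCP header
# (src port 1024, dst port 23, sequence number 1). Not captured traffic.
TCP_HDR_1024 = b"\x04\x00\x00\x17\x00\x00\x00\x01"

# Case 1 (constructed): a retransmission. Identical plaintext, consecutive IDs.
# With either layout the two DES inputs differ, which is the point of the message.
RETRANSMIT_PACKETS = [(1000, TCP_HDR_1024), (1001, TCP_HDR_1024)]

# Case 2 (constructed): two packets whose first two plaintext bytes differ by
# exactly the amount the IDs differ (src port 1024 with ID 1, src port 1025
# with ID 0), everything else equal. Left-justified, the XOR cancels and the
# DES input repeats; the repeated-ID layout also touches bytes 2-7, so it does not.
CANCEL_PACKETS = [
    (0x0001, b"\x04\x00" + TCP_HDR_1024[2:]),
    (0x0000, b"\x04\x01" + TCP_HDR_1024[2:]),
]


if __name__ == "__main__":
    for name, packets in (("retransmit", RETRANSMIT_PACKETS), ("cancel", CANCEL_PACKETS)):
        for layout in (iv_left_justified, iv_repeated):
            print(name, layout.__name__, find_collisions(packets, layout))
```

The cancellation case is the one to keep in mind: a left-justified ID only ever masks the first two bytes of the first block, so any pair of packets that differ only in those two bytes, by the same XOR difference as their IDs, produces an identical DES input. Repeating the ID across all eight bytes removes that particular coincidence at no extra cost, though either layout still depends on the sender actually incrementing the ID per packet.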


