
Re: IVs, summary of discussion




smb@research.att.com says:
> 	 So I take it that there's general agreement that Mode 1 encryption
> 	 (single key DES/CBC, as we've already discussed) can use the IPv4 ID
> 	 field as the IV? Remember that we intend this mode to be mandatory in
> 	 all IPSEC implementations to provide basic interoperability (only the
> 	 implementation is mandatory, not its actual use). So it's really
> 	 important that it not be too difficult to add to existing
> 	 implementations.
> 
> Except, of course, that IPv6 doesn't have the id field.

I see this as something of a problem. Maybe there is some way we can
specify this so that when packets go through a V6/V4 translation we
get some sort of reasonable move of the IV into/out of the IPSP
section of the packet...

Perry

