[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IVs, summary of discussion
smb@research.att.com says:
> So I take it that there's general agreement that Mode 1 encryption
> (single key DES/CBC, as we've already discussed) can use the IPv4 ID
> field as the IV? Remember that we intend this mode to be mandatory in
> all IPSEC implementations to provide basic interoperability (only the
> implementation is mandatory, not its actual use). So it's really
> important that it not be too difficult to add to existing
> implementations.
>
> Except, of course, that IPv6 doesn't have the id field.
I see this as something of a problem. Maybe there is some way we can
specify this so that when packets go through a V6/V4 translation we
get some sort of reasonable move of the IV into/out of the IPSP
section of the packet...
Perry
References: