
Re: IVs, summary of discussion



Ran,

	I assumed that Phil was proposing to use the fragment ID from
each packet to act as an IV for a packet.  If the packet is NOT
fragmented enroute, as I suggested in a memo a while ago, then this ID
provides sufficient context to decrypt each arriving packet,
irrespective of order of arrival.  So, in that context, I'm confused
by the comment you attribute to Jeff re OFB vs. CBC mode and packet
arrival/loss problems.  

	Note my comment about the importance of not having packets
fragment enroute.  If fragmentation can occur before and after
encryption, then there is ambiguity in the reassembly/decryption
process.  Also, one is left open to denial of service attacks if
enroute fragmentation is allowed.

Steve
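
An added example, not part of the original message: it shows CBC with an IV taken from each packet's own ID decrypting correctly after loss and reordering, next to a constructed contrast in which the IV is chained from the previous packet's last ciphertext block. Assumptions: the block cipher is a toy Feistel stand-in built on SHA-256, the 16-bit ID is zero-padded to one block, and all keys and payloads are constructed.

```python
import hashlib

BLOCK = 8  # toy 64-bit block; the Feistel cipher below is a stand-in, not a real algorithm

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the toy cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def iv_from_id(pkt_id):
    return pkt_id.to_bytes(2, "big").rjust(BLOCK, b"\0")  # assumption: zero-padded ID

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(decrypt_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def demo(key=b"constructed key"):
    sent = {pid: f"pkt-{pid:04d}-payload".encode() for pid in (7, 8, 9)}
    # Per-packet IV from the ID: packet 8 is lost and 9 arrives before 7.
    wire = {pid: cbc_encrypt(key, iv_from_id(pid), pt) for pid, pt in sent.items()}
    per_packet = [cbc_decrypt(key, iv_from_id(p), wire[p]) == sent[p] for p in (9, 7)]
    # Contrast: chained IVs; with 8 lost, the receiver only has packet 7's last block.
    c7 = cbc_encrypt(key, bytes(BLOCK), sent[7])
    c8 = cbc_encrypt(key, c7[-BLOCK:], sent[8])
    c9 = cbc_encrypt(key, c8[-BLOCK:], sent[9])
    chained_ok = cbc_decrypt(key, c7[-BLOCK:], c9) == sent[9]
    return per_packet, chained_ok
```
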

