Re: IVs, summary of discussion

["Perry E. Metzger" <perry@imsi.com>]

Phil Karn says:
> There is a basic question here: how much are we willing to rely on
> encryption algorithms to also provide authentication, vs using
> separate mechanisms designed specifically for the purpose?

I don't think we should rely on the encryption algorithms, but neither
should we gratuitiously use ones that make authentication more
problematic. I don't think OFB would buy us anything (other than a
slight decrease in performance) and it would certainly make encryption
only packets more vulnerable to various sorts of attacks.

> Any authentication scheme requires redundancy (i.e., overhead) to
> work.  Different users are likely to make different overhead/security
> tradeoffs depending on their particular threats and the cost of the
> added overhead.
> 
> So how about if we state that authentication is specifically *not* a
> requirement of an encryption algorithm?

I would agree that this should be placed in the document. However, I
think that encryption algorithms that make the spoofer's job harder
even without authentication are a plus, all other things being equal.

> But I see no reason to disallow some particular encryption scheme
> just because its ciphertext is more vulnerable to modification than
> some other scheme.

Well, if it has no particular advantage over a similar method that
doesn't have this bad property, I see no reason to adopt such an
algorithm. If it has other advantages, I would agree with you.

Perry

---

References:

• Re: IVs, summary of discussion
• From: Phil Karn <karn@qualcomm.com>

---

• Prev by Date: Re: IVs and IDENTs
• Next by Date: Re: IVs, summary of discussion
• Prev by thread: Re: IVs, summary of discussion
• Next by thread: Re: IVs, summary of discussion
• Index(es):
  • Main
  • Thread