Re: IVs, summary of discussion

[Hilarie Orman <ho@cs.arizona.edu>]

I'd like to vote against two trends here: violating protocol layering
and analyzing privacy and authentication as if they were totally
orthogonal.  Using the IP ID in IPSEC seems like a hack of such micro
advantage in its context as to approach silliness.  And with regard to
the mix-n-match approach to encryption and authentication/integrity. I
understand the goals, but I think it is dangerous to treat the issues
as separable; one has to look at the entire protocol with all options,
including the keying protocol, to do a meaningful analysis.  This
becomes increasingly difficult to do if there are options that permit
vulnerable encryption algorithms and/or re-use too much information.
In my opinion, IPSEC should not be allowed to flounder on such a spiky
bed.  Maybe one spike, but not a whole generic set.

---

Follow-Ups:

• Re: IVs, summary of discussion
• From: uri@watson.ibm.com
• Re: IVs, summary of discussion
• From: Phil Karn <karn@qualcomm.com>

References:

• Re: IVs, summary of discussion
• From: Phil Karn <karn@qualcomm.com>

---

• Prev by Date: Re: IVs, summary of discussion
• Next by Date: Re: IVs, summary of discussion
• Prev by thread: Re: IVs, summary of discussion
• Next by thread: Re: IVs, summary of discussion
• Index(es):
  • Main
  • Thread