[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IVs, summary of discussion

To: karn@qualcomm.com (Phil Karn)
Subject: Re: IVs, summary of discussion
From: uri@watson.ibm.com
Date: Mon, 29 Aug 1994 19:06:01 -0500 (EDT)
Cc: kent@BBN.COM, perry@imsi.com, ipsec@ans.net
In-Reply-To: <199408292030.NAA21469@servo.qualcomm.com> from "Phil Karn" at Aug 29, 94 01:30:23 pm
Reply-To: uri@watson.ibm.com

Phil Karn says:
> There is a basic question here: how much are we willing to rely on
> encryption algorithms to also provide authentication, vs using
> separate mechanisms designed specifically for the purpose?

I suggest - very little!

> So how about if we state that authentication is specifically *not* a
> requirement of an encryption algorithm? This is not to say that we
> can't provide a little integrity checking as long as it's "free",
> e.g., by making consistency checks on padding information required by
> various block chaining schemes. But I see no reason to disallow some
> particular encryption scheme just because its ciphertext is more
> vulnerable to modification than some other scheme. If integrity is a
> requirement, then use a scheme like keyed MD5 that is specifically
> designed for that purpose.

Yes, please "divorce" authentication/integrity checking from encryption!
--
Regards,
Uri         uri@watson.ibm.com      acheron!angmar!uri 	N2RIU
-----------
<Disclamer>

References:

Re: IVs, summary of discussion

From: Phil Karn <karn@qualcomm.com>

Prev by Date: Re: IVs and IDENTs
Next by Date: Re: IVs, summary of discussion
Prev by thread: Re: IVs, summary of discussion
Next by thread: Re: IVs, summary of discussion
Index(es):
- Main
- Thread