[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Fwd) Authentication and encryption.

To: uri@watson.ibm.com
Subject: Re: (Fwd) Authentication and encryption.
From: "Housley, Russ" <housley@spyrus.com>
Date: Thu, 01 Sep 94 07:15:05
Cc: ipsec@ans.net
Encoding: 2285 Text



My summary of this discussion is that IPSP should support confidentiality, 
integrity, and both confidentiality and integrity.  The security association 
will determine which security services are provided.

When both onfidentiality and integrity are provided the integrity check 
function can take advantage of the error extension provided by the cipher.  
The properties of the encryption mode and algorithm used are of the utmost 
importance in selecting a compatible integrity check function.  A simple 
integrity function can be used in conjunction with an appropriate encryption 
scheme.  In this way, the integrity and confidentiality can be provided at 
less computational expense that providing the two independently.

Did I miss a major conclusion?

Russ

______________________________ Reply Separator _________________________________
Subject: Re: (Fwd) Authentication and encryption.
Author:  uri@watson.ibm.com
X-Mailer: ELM [version 2.4 PL20] at internet
Date:    8/31/94 10:46 AM


James P. Hughes says:
> The CRC under the encryption is not a "normal" integrity check. "Normal" 
> integrity checks are over the entire encrypted packet and protect the
> data from random noise. i.e. CRC32 on Ethernet.

Again, I don't want to spend too much time/efforts on exploring this. 
My "feeling" is - that without ASSumptions about method and mode of 
encryption one can't reliably ASSume anything about integrity
checks done even on cleartext prior to encryption, because 
there can be ways to modify the data without it being 
detected by that integrity check (and without
disturbing the encryption, of course :-).

> Is it your assertion that "that the attacker must know the key" to reliabily 
> change the data can not be proven?

I'm not sure I understand what you mean - but I'll answer anyway (:-). 
Not only it can't be proven, but I think it's outright wrong in 
general.  There are integrity checks that are expensive and
secure, and there are ones that are cheap and "breakable".
Some encryption modes/methods can vouch for data integrity (to some 
extent - I don't want to dive into this now) and some can NOT...
--
Regards,
Uri         uri@watson.ibm.com      acheron!angmar!uri  N2RIU 
-----------
<Disclamer>

Prev by Date: Re[2]: (Fwd) Authentication and encryption.
Next by Date: OSE Implementors Workshop Sec-Sig: Draft Minutes
Prev by thread: Re[2]: (Fwd) Authentication and encryption.
Next by thread: OSE Implementors Workshop Sec-Sig: Draft Minutes
Index(es):
- Main
- Thread