Re: Address as IV [was] Size of IV field in DES-CBC mode
Don't you just love these X.400 addresses:
In message <M11702.001.2s0u0.1.941219203854Z.CC-MAIL*/OU=SECCG/OU=AZBH/PRMD=MOT
/ADMD=MOT/C=US/@MHS> you wrote:
>
> Donald,
>
> Violating protocol layering is usually a bad idea. Environments exist where an
> end-system address may not follow the SAID end-to-end. IP addresses are
> supposed to be end-to-end, but many real systems translate the addresses.
>
> Your proposed approach will not work for IPv4. Is this a problem for IPv6?
>
> Paul
Paul,
I'm not exactly sure what you mean.
Is IPSP associated with the IP-layer or not? If it is, then a unique IP
address must be available at each end of the "association"; it may be a "red"
address, unknown to the network at large, or a "black" address, available to
the network at large. In either case, for the datagram to be delivered to a
decryptor, it must be addressable, and the encryptor-decryptor pair must know
each other's "encrypting" address.
The other option is that IPSP is associated with the transport layer, where
several IP providers (addresses) may map to a particular transport provider.
But this option is hard to accommodate at gateways.
carl.