
Re: Address as IV [was] Size of IV field in DES-CBC mode




Don't you just love these X.400 addresses:
In message <M11702.001.2s0u0.1.941219203854Z.CC-MAIL*/OU=SECCG/OU=AZBH/PRMD=MOT
/ADMD=MOT/C=US/@MHS>  you wrote:
> 
> Donald,
> 
> Violating protocol layering is usually a bad idea.  Environments exist where
> an end-system address may not follow the SAID end-to-end.  IP addresses are
> supposed to be end-to-end, but many real systems translate the addresses.
> 
> Your proposed approach will not work for IPv4.  Is this a problem for IPv6?
> 
> Paul

Paul, 

I'm not exactly sure what you mean.  

Is IPSP associated with the IP-layer or not? If it is, then a unique IP
address must be available at each end of the "association"; it may be a "red"
address, unknown to the network at large, or a "black" address, available to
the network at large. In either case, for the datagram to be delivered to a
decryptor, it must be addressable, and the encryptor-decryptor pair must know
each other's "encrypting" address.

The other option is that IPSP is associated with the transport layer, where
several IP providers (addresses) may map to a particular transport provider.
But this option is hard to accommodate at gateways.

carl.



