
Re[4]: Address as IV [was] Size of IV field in DES-CBC m

Perry,

>In this context, however, we would assume that the encrypting IPSP
>tunnel would have to end at the end of the IP tunnel since IPSP is
>only defined in an IP context. (other contexts might be defined but
>this being the IETF we concern ourselves with IP.)

You are correct that the scope of our work is to protect IP.  My end-to-endness
issue is valid primarily for mixed (IP and non-IP) environments.

The binding of IP addresses to an SAID need not be one-to-one.  A pair of
router-like devices can communicate over a single security association (one
SAID), but use multiple "black" IP addresses.  This is part of a more
complicated scenario that is partially documented in the SP3 cooperating
families appendix (see the NIST publication).  I am not a strong advocate of
this approach, but once again, if possible we should not limit the capabilities
of IPSP by our choice of an IV extension mechanism.

There seem to be lots of other alternatives for IV extension...

Paul
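The many-to-one binding Paul describes (several "black" address pairs sharing one SAID) and its bearing on an address-derived IV, as an added Python model that is not part of the thread or of any IPSP specification. The class and function names, the sample addresses, and the per-SA counter shown as an alternative IV source are all assumptions made for illustration; the receiver selects the SA by SAID alone, so the address pair is not available as a per-packet distinguisher in the way a one-to-one binding would suggest.

```python
"""Constructed model of the SAID/address binding discussed in the message.
All class and function names here are assumptions for illustration."""
from dataclasses import dataclass, field
import hashlib


@dataclass
class SecurityAssociation:
    said: int                      # security association identifier
    key: bytes                     # DES key for this SA (constructed sample)
    seq: int = 0                   # per-SA packet counter
    addresses: set = field(default_factory=set)  # "black" address pairs on this SA


class SADatabase:
    """Several address pairs may share one SA; inbound lookup uses the SAID alone."""

    def __init__(self):
        self.by_said = {}
        self.by_addr = {}

    def bind(self, said, key, addr_pairs):
        sa = self.by_said.setdefault(said, SecurityAssociation(said, key))
        for pair in addr_pairs:
            sa.addresses.add(pair)
            self.by_addr[pair] = sa
        return sa

    def outbound(self, src, dst):
        # The sender selects the SA from the outer (black) address pair.
        return self.by_addr[(src, dst)]

    def inbound(self, said):
        # The receiver selects the SA from the SAID carried in the packet,
        # regardless of which black address pair the datagram used.
        return self.by_said[said]


def address_iv(src, dst):
    # IV derived only from the address pair: identical for every packet
    # exchanged between the same two addresses (one 64-bit DES block).
    return hashlib.sha256(f"{src}->{dst}".encode()).digest()[:8]


def counter_iv(sa):
    # Illustrative alternative (an assumption, not a scheme from the thread):
    # a per-SA counter carried explicitly, so each packet gets a fresh IV.
    sa.seq += 1
    return sa.seq.to_bytes(8, "big")


def repeated_ivs(ivs):
    # Number of IVs in the sequence that duplicate an earlier one.
    return len(ivs) - len(set(ivs))


def demo():
    db = SADatabase()
    key = bytes(range(8))  # constructed sample key, not a real one
    db.bind(7, key, [("10.0.0.1", "10.0.1.1"), ("10.0.0.2", "10.0.1.1")])

    # Two black source addresses resolve to the same SA object.
    same_sa = db.outbound("10.0.0.1", "10.0.1.1") is db.outbound("10.0.0.2", "10.0.1.1")
    # Three packets between one address pair under each IV scheme.
    addr_ivs = [address_iv("10.0.0.1", "10.0.1.1") for _ in range(3)]
    ctr_ivs = [counter_iv(db.inbound(7)) for _ in range(3)]
    return same_sa, repeated_ivs(addr_ivs), repeated_ivs(ctr_ivs)


if __name__ == "__main__":
    print(demo())  # (True, 2, 0)
```

`demo()` returns `(True, 2, 0)`: both address pairs map to SAID 7, the address-derived IV repeats on two of three packets, and the per-SA counter repeats on none. The counter is only one of the "other alternatives" the message alludes to, and the model says nothing about which the working group should choose.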