Re: draft-ietf-ipsec-<many>-00.txt



> From: "Housley, Russ" <housley@spyrus.com>
> In particular, to provide both confidentiality and integrity, I need to use
> both encapsulation protocols.  I thought that we would allow something
> similar to ESP for both confidentiality and integrity.
>
Thanks for reading it, but you missed the few mentions.  Perhaps they
need to be longer?

   The Encapsulating Security Payload (ESP) seeks to provide integrity
   and confidentiality to IP datagrams.  It may also provide
 = authentication, depending on which algorithm and algorithm mode are
   used.

   Each SAID value indicates the encryption algorithm and mode used, the
 = block size (if any) of the encryption algorithm, the authentication
 = algorithm being used (if separate from the encryption algorithm), the
 = block size (if any) of the authentication algorithm, and the
   presence/absence and size of a cryptographic synchronization or
   initialization vector field.  These transforms are described in
   companion documents.

 = Some Transforms provide authentication as well as encryption.  When
   such a mechanism is not in use, the Authentication Header [RAah]
   might be used.

So, we covered all the bases.

Now, we have to agree on which other transforms to write up!  I favor
triple DES, and DES-CBC with CRC.

Perry likes MD5 instead of CRC, but I think that the CRC would improve
speed, and be good enough when encrypted afterward.

What do you think?

Bill.Simpson@um.cc.umich.edu