Re: draft-ietf-ipsec-<many>-00.txt
> From: "Housley, Russ" <housley@spyrus.com>
> In particular, to provide both confidentiality and integrity, I need to use
> both encapsulation protocols. I thought that we would allow something
> similar to ESP for both confidentiality and integrity.
>
Thanks for reading it, but you missed the few mentions. Perhaps they
need to be longer?

The Encapsulating Security Payload (ESP) seeks to provide integrity
and confidentiality to IP datagrams. It may also provide
= authentication, depending on which algorithm and algorithm mode are
used.

Each SAID value indicates the encryption algorithm and mode used, the
= block size (if any) of the encryption algorithm, the authentication
= algorithm being used (if separate from the encryption algorithm), the
= block size (if any) of the authentication algorithm, and the
presence/absence and size of a cryptographic synchronization or
initialization vector field. These transforms are described in
companion documents.

= Some Transforms provide authentication as well as encryption. When
such a mechanism is not in use, the Authentication Header [RAah]
might be used.

So, we covered all the bases.

Now, we have to agree on which other transforms to write up! I favor
triple DES, and DES-CBC with CRC.

Perry likes MD5 instead of CRC, but I think that the CRC would improve
speed, and be good enough when encrypted afterward.

What do you think?

Bill.Simpson@um.cc.umich.edu