[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-ipsec-<many>-00.txt




Colin Plumb says:
> Thus, I can make a large number of undetected changes (defined as XORs)
> to the first 8 bytes of a message.  If I know what they are to start
> with, I can possibly change them to desired values.
> 
> Is this a problem?

Yup, it is. The working group pretty much felt comfortable with MD5,
and I feel a whole lot better with MD5 myself. 

Overall, the drafts Bill and I are putting out on security transforms
are following essentially the transforms discussed in San Jose modulo
the question of whole-packet integrity checking rather than just
payload integrity checking -- this is as per the IPv6 drafts done by
Ran Atkinson. (The overall proposal itself a throwback to the unified
proposal agreed to in Toronto, which to my mind is still what the
group has consensus on. The security transforms were only discussed in
San Jose, so we are following, more or less, the San Jose security
transforms which follow Phil Karn's proposals).

Anyway, Bill and I have a small disagreement here, but I personally
favor writing up the MD5 format for the ESP security-plus-integrity
baseline.

One legitimate question, of course, might be whether or not we'd be
better off with a DES MAC, on the premise that we could gain some
performance that way since we are already DES walking the entire
packet anyway...

Perry


References: