
Re: draft-ietf-ipsec-<many>-00.txt




Bill:

> Now, we have to agree on which other transforms to write up!  I favor 
> triple DES, and DES-CBC with CRC.
>
> Perry likes MD5 instead of CRC, but I think that the CRC would improve 
> speed, and be good enough when encrypted afterward.
>
> What do you think?

Selecting a combined confidentiality and integrity function when trying to 
minimize the incremental work above the encryption function is very tricky.  
For this reason, we should be very careful, and I recommend following the 
lead of the GSS API folks.  They are using sum64-DES-CBC.  It is very similar 
to the CBCC that I discussed on this list a few months ago except that the 
XOR sum is replaced by the ((mod 2**64)-1) sum.  This is trivial in software, 
but I do not know of any hardware that supports it.

Have you looked at the new GSS API stuff produced by Northern Telecom?

Russ
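
The construction discussed in the message above (a checksum over the 64-bit plaintext blocks, appended and then encrypted in CBC mode), as an added example that is not part of the original message or of any GSS-API specification. Assumptions: an 8-round Feistel stand-in replaces DES (the Python standard library has none), zero padding is used, the key and message are constructed, and the "((mod 2**64)-1) sum" is read as a sum modulo 2**64 - 1.

```python
import hashlib
from functools import reduce
from operator import xor

MASK = (1 << 64) - 1

def _f(key, rnd, half):
    # Round function of the stand-in 64-bit block cipher (NOT DES).
    d = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big")

def enc_block(key, b):
    l, r = b >> 32, b & 0xFFFFFFFF
    for rnd in range(8):
        l, r = r, l ^ _f(key, rnd, r)
    return (l << 32) | r

def dec_block(key, b):
    l, r = b >> 32, b & 0xFFFFFFFF
    for rnd in reversed(range(8)):
        l, r = r ^ _f(key, rnd, l), l
    return (l << 32) | r

def xor_sum(blocks):
    # CBCC-style checksum: XOR of all 64-bit plaintext blocks.
    return reduce(xor, blocks, 0)

def sum64(blocks):
    # Arithmetic sum modulo 2**64 - 1 (assumed reading of the message).
    return sum(blocks) % MASK

def protect(key, iv, msg, checksum):
    msg += b"\x00" * (-len(msg) % 8)           # constructed zero padding
    blocks = [int.from_bytes(msg[i:i + 8], "big") for i in range(0, len(msg), 8)]
    blocks.append(checksum(blocks))            # checksum is appended before encryption
    out, prev = [], iv
    for b in blocks:                           # CBC: C_i = E(P_i xor C_{i-1})
        prev = enc_block(key, b ^ prev)
        out.append(prev)
    return out

def unprotect(key, iv, ct, checksum):
    blocks, prev = [], iv
    for c in ct:                               # CBC: P_i = D(C_i) xor C_{i-1}
        blocks.append(dec_block(key, c) ^ prev)
        prev = c
    *data, tag = blocks
    ok = checksum(data) == tag                 # receiver recomputes and compares
    return b"".join(b.to_bytes(8, "big") for b in data) if ok else None
```

`unprotect` returns the padded plaintext when the recomputed checksum matches the decrypted one and `None` otherwise; pass `xor_sum` or `sum64` to compare the two variants on the same input.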