Re: draft-ietf-ipsec-<many>-00.txt
Bill:
> Now, we have to agree on which other transforms to write up! I favor
> triple DES, and DES-CBC with CRC.
>
> Perry likes MD5 instead of CRC, but I think that the CRC would improve
> speed, and be good enough when encrypted afterward.
>
> What do you think?
Selecting a combined confidentiality and integrity function when trying to
minimize the incremental work above the encryption function is very tricky.
For this reason, we should be very careful, and I recommend following the
lead of the GSS API folks. They are using sum64-DES-CBC. It is very similar
to the CBCC that I discussed on this list a few months ago except that the
XOR sum is replaced by the ((mod 2**64)-1) sum. This is trivial in software,
but I do not know of any hardware that supports it.
Have you looked at the new GSS API stuff produced by Northern Telecom?
Russ
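
The two plaintext checksums contrasted in the message above, as an added example that is not part of the original post or of any GSS API specification. The big-endian block parsing, the zero padding and the sample data are assumptions, and the DES-CBC encryption step is left out.

```python
BLOCK = 8            # DES block size in bytes
MOD = 2**64 - 1      # modulus named in the message

def blocks64(data: bytes):
    """Split data into 64-bit integers (big-endian, zero-padded: both assumed)."""
    if len(data) % BLOCK:
        data += b"\x00" * (BLOCK - len(data) % BLOCK)
    return [int.from_bytes(data[i:i + BLOCK], "big")
            for i in range(0, len(data), BLOCK)]

def xor_sum64(data: bytes) -> int:
    """XOR of all 64-bit blocks (the CBCC-style sum)."""
    acc = 0
    for b in blocks64(data):
        acc ^= b
    return acc

def mod_sum64(data: bytes) -> int:
    """Arithmetic sum of all 64-bit blocks, reduced mod 2**64 - 1."""
    acc = 0
    for b in blocks64(data):
        acc = (acc + b) % MOD
    return acc

def detects(original: bytes, modified: bytes):
    """Return (xor_detects, mod_detects) for a change to the plaintext."""
    return (xor_sum64(original) != xor_sum64(modified),
            mod_sum64(original) != mod_sum64(modified))

# Constructed sample data: three 8-byte blocks.
ORIGINAL = b"ABCDEFGH" + b"IJKLMNOP" + b"QRSTUVWX"
# Lowest bit set in blocks 0 and 1 (H->I, P->Q): the XOR contributions cancel,
# the arithmetic sum moves by 2.
PAIRED_FLIP = b"ABCDEFGI" + b"IJKLMNOQ" + b"QRSTUVWX"
# Blocks 0 and 1 exchanged: both sums are commutative, so neither changes.
SWAPPED = b"IJKLMNOP" + b"ABCDEFGH" + b"QRSTUVWX"

if __name__ == "__main__":
    for name, msg in (("paired flip", PAIRED_FLIP), ("block swap", SWAPPED)):
        x, m = detects(ORIGINAL, msg)
        print(f"{name:12} xor detects: {x!s:5}  mod-sum detects: {m}")
```

Neither sum reacts to block order on the plaintext, so any such check relies on the encryption applied afterward.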