[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA + generic auth specs? (was Re: AH-MD5)

To: perry@imsi.com
Subject: Re: SHA + generic auth specs? (was Re: AH-MD5)
From: jpp@markv.com
Date: Sun, 29 Jan 95 12:37:27 PST
Cc: ipsec@ans.net, bsimpson@morningstar.com, smb@research.att.com
In-Reply-To: <9501290033.AA21380@snark.imsi.com> (perry@imsi.com)
Sender: jpp@markv.com
Source-Info: From (or Sender) name not authenticated.

I think you can solve the problem with only one document.  Why not
address the crypt+auth by specifying a transformation of the headers
that would have been produced had auth(crypt(message)) been done.
I.e. specify how to compress AH+ESP headers.  Naive implementations
can do it in two passes, fast implementations in one.  Picky routers
can check the cleartext auth.  Why would you need to reference the
particular auth function in the generic crypt+auth document?

j'

References:

SHA + generic auth specs? (was Re: AH-MD5)

From: "Perry E. Metzger" <perry@imsi.com>

Prev by Date: Re: patent issues on keyed MD5?
Next by Date: Re: patent issues on keyed MD5?
Prev by thread: Re: SHA + generic auth specs? (was Re: AH-MD5)
Next by thread: Re: AH-MD5
Index(es):
- Main
- Thread