[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "in-band" is wrong idea/terminology
> From: ashar@osmosys.incog.com (Ashar Aziz)
> However, I believe that parasitic is the wrong word.
That is the english word for a foreign animal which embeds itself into
a host, without (immediately) killing the host. Seems appropriate for a
key management feature that embeds itself in an encryption protocol.
> BTW, there
> are not going to be any more problems with fragmentation etc., as the
> effect of the keys is not random. It is just as predictable as the
> effect of the IVs that are in the packet, and which also causes the
> packets to increase in size.
>
You are completely missing the point. The IV is in every packet.
You would only be correct if the key changed on every packet. And you
would only be correct if the decision as to the packet size, and
inclusion of the key changes, were made at the transport layer (which
makes the segmentation size decision).
If either is true, then your proposal is completely unacceptable.
> > You are certainly welcome to write up alternative security transforms
> > for our enlightenment.
>
> I certainly dont have any problems with this. However, I believe that
> the base document needs to explicitly accommodate this case, and the
> 1 bit from the SAID field as Hugo suggested is the right way to do this.
> I can offer sample text for that as well.
>
No, the base document does not need such transform specific information.
You folks got us to move the hash calculation out of AH into MD5 and SHA,
even though it's the same, so that it could be different for other
"future" transforms. The same logic applies.
And, there is no restriction on how you (in your other key-management
protocol) encode your SAID. But, MD5 and DES do not use such a bit, so
it does not go in the base document, nor in either of those.
Bill.Simpson@um.cc.umich.edu