
Re: Comments on latest IPSP drafts




I thought I'd explain a bit from the drafts here, although I don't
want to open up a big discussion of any of these topics...

Mark H Linehan/Watson/IBM Research says:
> - Page 12 of the architecture document and various other places require
> user-oriented keying. It's not at all clear what that means 

New language was proposed in Danvers that has eliminated most of the
objections other people have made to this section.

> - Regarding the position of the Pad Length and Data Type fields in
> the DES-CBC draft: (a) why aren't these defined in the ESP draft
> since they are common to all transforms?

Because they aren't common. The location of the type field *will*
change from transform to transform, and padding is not needed for all
ciphers -- DES in CFB or stream ciphers need no padding.

> (b) Putting these at the end exacerbates the problem of truncated
> returned packets in ICMP messages.  If these were near the
> beginning, you could decrypt whatever part of
> the returned packets you get.

Not with all ciphers, and besides that, the important part is the SPI
which will be returned. If you don't put the fields at the end you pay
a huge packet bloat penalty if you want to align the fields, which is
why we do things the way we do. Since we are optimized for the common
case and we have enough information in the non-common case I think
things are just fine.

Perry

