[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

comments on drafts (re: Bellovin, Rogaway)



This note is to be considered as part of the "last call comments" on the
security drafts.

The recent note by Steve Bellovin on attacks on ESP are a good
example of the fallacy behind the notion that encryption functions
provide for integrity/authenticity/authentication of information.
This fallacy is actually supported by the wording in some of the
drafts under consideration.
I hope that with the changes that Steve will propose, part of these
issues will be solved. Still it is necessary to "clean" the
architecture document (draft-ietf-ipsec-arch-00.txt)
from any wording suggesting the above false implication.

For details on these issues (and others) I recommend reading the
comments sent to this list by Phil Rogaway on 4/4 (subject:
IPSEC (comments on Internet drafts) )

In particular, I recommend reflecting in the current drafts
what Rogaway calls Recommendation 1, 2 and 3 (all related to the above
issue). I believe that Steve's recommendation of mandating message
authentication also in ESP will, in particular, resolve recommendation 2.


Other recommendations of Phil require serious consideration
(although some of them, e.g. use of triple-DES as default, were
already considered and rejected by this WG; and others, e.g. recomendation 8,
are too premature to be adopted now).

In addition to the above, I particularly recommend following
recommendations 5 and 10, that deal with the way in which basic crypto
transforms should be specified in documents.

Hugo