
Re: Bellovin's and Ashar's attacks



On Apr 12, 15:43, Dan Nessett wrote:


% Since encryption is taking place at the IP layer, there can be no
% expectation that rekeying will not occur on each packet. IP packets
% can be coming from all over the place and will produce a jumble. Any
% ESP implementation will have to deal with frequent rekeying, although
% some operational environments may not require it, e.g., where a
% machine is encrypting traffic to only one other machine.

Hmm.  Actually, ESP is _both_ an IP encryptor and also a
transport-layer encryptor, depending on how a particular session is
set up.  It is important for everyone to keep this in mind.  The
working group name is somewhat misleading by accident because folks
think it is restricted to the IP layer.  No such restriction exists
in either AH or ESP.

As an aside, one of the things I've not been good about making clear
in my notes is that my interest in user-oriented keying has much to do
with the use of ESP as a transport-layer encryptor.

Now back to editing...

Ran
atkinson@itd.nrl.navy.mil
