[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CBC encryption document
Dear colleagues,
Just posted is my (apparently misnamed) working draft
draft-ietf-ipsec-cbc-encrypt-00.txt.
This document constitutes a "counter-proposal" to
draft-ietf-ipsec-esp-des-cbc-04.txt.
Please understand that the former document is not a "peer" of the
latter, in the sense that the former document functions at a decidedly
lower level. It specifies ONLY a transform. This is quite intentional.
(It is an implementation of Recommendation 5 of my April 3 comments.)
Why should the lowest-level IPSEC documents describe ONLY a transform?
(Here I mean "transform" in a technical sense: this is a certain
particular pair of functions.) There are several reasons. One is thta
it is virtually impossible for a cryptographer to assess (or change) the
proposals' cryptography when it is intermixed with the use of that
cryptography.
As a consequence of maintaining a rigid abstraction boundary at the level
of a transform, a transform-specifying document should be silent about
things like the structure of an IP packet. This is the business of
the higher-level document which uses a transform. Thus implicit in
this CBC encryption document is the understanding that
draft-ietf-ipsec-esp-01.txt be reworked to be truly generic, specifying
how to use an arbitrary encryption transform to accomplish its job.
Phil Rogaway