[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: compression, privacy, and authenticity transforms

To: rogaway@cs.ucdavis.edu, ipsec@ans.net
Subject: Re: compression, privacy, and authenticity transforms
From: Paul_Lambert-P15452@email.mot.com
Date: 12 May 95 14:08:00 -0500



Phil,


We seem to disagree, but have the same goals to:

 -  limit the number of "Security Transforms"
 -  ensure that combinations of security services are provided correctly

I also have one additional requirement that you seem to not worry about:

 -  limit the overhead required to provide a set of security services

>Encryption, authentication, and compression are mechanisms intended for three
>orthogonal purposes.   When (i) the individual mechanisms are correct, (i)
>key-separation
>has been properly performed (for encryption and authentication), and (iii) the
>mechanisms are applied in the correct order, these mechanisms can not
>"interfere" with one another.   So wouldn't it be better to treat all of 
>these types of transforms completely separately -- i.e., no "composite" 
>transforms?  If we start supporting
>transforms like DES-CBC-MD5-LZ77, we're going to get a real explosion in the
>number of transforms we'd feel it useful to provide.

I disagree!  

In general your approach of providing complete flexibility by creating "single 
service" security transformations is interesting, but if I need DES with 
authentication the system is burdened with the extra header overhead.  This is 
obviously worse when you have three sets of headers for confidentiality, 
integrity (aka authentication), and compression.  These service should be able 
to be combined in a manner that provides the services in a single 
transformation.  The definition of the transformation will include the order of 
processing, the transform specific field locations, and so forth.

Users need security and typically will not care how the theoretical pieces of 
the mechanisms are put together.  Efficiency is important.  Combining the 
processing and the construction of transform specific fields improves 
efficiency.


  We're also unlikely to
>"get right" these composite transforms.  Better is to regard "DES-CBC-MD5-LZ77"
>as three different transforms:  first an LZ77 Transform (used in the context of
><TBD>);then a DES-CBC Transform (used in the context of an ESP); then an MD5-
KXK
>Transform (for example) (used in the context of an AH).

Yes, we will get the transforms "right" by definition.  They will be 
constructed with the processing defined in a specific order to provide specific 
services.  An interesting example is the 

  The only 
>"integration" issue we would have to worry about is (key separation 
>and) a statement in the architecture document
>explaining that you should not use a compression transform after an encryption
>transform, and you should not use an encryption transform after an
>authentication
>transform.

There are times that encryption after an integrity (aka authentication) 
computation might be desirable.  To define such broad rules limits the 
functionality of the system.  It is better to precisely define a set of 
processing steps (transforms, fields, key usage, etc.) and document the 
expected services for the transformation.




Paul


PS - I might read mail again May 24

Prev by Date: Re[2]: ipsec compression support
Next by Date: Re: compression, privacy, and authenticity transforms
Prev by thread: Re: compression, privacy, and authenticity transforms
Next by thread: Re: compression, privacy, and authenticity transforms
Index(es):
- Main
- Thread