
Re: Photuris Chapter 1



> From: Hilarie Orman <ho@cs.arizona.edu>
> How about omitting the cookies and message type from the anonymity
> algorithm?  Makes processing a bit more uniform and avoids encrypting
> known plaintext.
>
I had thought I'd already done this.  Where did I miss some text?

   Anonymity Choice

      When selected as an Anonymity-Choice, its anonymity session-key
      uses the most significant 64-bits of MD5 generated material.  The
      least significant bit of each octet is ignored (parity).

      The 64-bit Initialization Vector (IV) is set to the Type,
      LifeTime, and Security-Parameter-Index fields.  Encryption begins
      with the next field, and continues to the end of the data
      indicated by the UDP Length.


> The architecture document implies that the mode is part of the
> security association, but Photuris seems oblivious to this.  Perhaps
> I'm missing something, but I think the recipient of an ESP message
> cannot know, without checking the full security association, whether a
> full IP datagram or only the payload is contained in the protected
> region.  Shouldn't Photuris have a field for specifying mode?
>
Hmmm, I always thought of "mode" as CBC, not tunneling.

I think that the recipient of an ESP message can _easily_ tell whether a
full IP datagram or just another header (such as TCP) is next, by using
the Payload Type!  I even mentioned payload type 4 for IP!  [RFC-1829]

Are you saying that we need another attribute to negotiate whether the
data is tunneled?  Anyone else need this?


> A forward reference from the 5.2 mention of "Anonymity Choice specified
> cryptographic hash" to appendix B.2 would be helpful.  Or else an explanation
> of this when the Anonymity Choice is first introduced.  Otherwise, the
> term causes breathless astonishment on first encounter (aka "huh?").
>
Good idea!  Done.  Both places.


> I know that you appreciate good writing, so you would probably be annoyed
> to read this construction had it arisen from another author:
>
>    This message is required to be encrypted using the Anonymity-Choice
>    indicated in the Key_Response.  The chosen algorithm does not need to
>    provide integrity, ...
>
> Instead you might prefer
>
>    This message must be encrypted using ...  The chosen algorithm need not
>    provide integrity, ...
>
Thanks, always appreciate actual text suggestions.  Sometimes, I even
use them verbatim. ;-)

The fact that you are commenting so far along (Chapter 5) is evidence
that you already are happy with Chapter 1, so I'll move the process
along.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
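
[Added example, not part of the original message or of the Photuris draft: a sketch of the key and IV handling in the "Anonymity Choice" text quoted above. The field widths (Type 1 octet, LifeTime 3 octets, SPI 4 octets), the 32-octet offset used in the sample, the odd-parity convention and all function names are assumptions made for illustration.]

```python
import hashlib

def anonymity_key(md5_material: bytes) -> bytes:
    """Take the most significant 64 bits of the MD5 material. The low bit of
    each octet carries no key material; here it is rewritten as odd parity
    (assumed convention; the quoted text only says the bit is ignored)."""
    if len(md5_material) < 8:
        raise ValueError("need at least 64 bits of material")
    key = bytearray(md5_material[:8])
    for i, octet in enumerate(key):
        high7 = octet & 0xFE
        key[i] = high7 | int(bin(high7).count("1") % 2 == 0)
    return bytes(key)

def effective_key_bits(key: bytes) -> int:
    """Pack the 7 significant bits of each octet: 56 bits of real key."""
    value = 0
    for octet in key:
        value = (value << 7) | (octet >> 1)
    return value

def build_iv(msg_type: int, lifetime: int, spi: int) -> bytes:
    """64-bit IV = Type || LifeTime || SPI (assumed widths 1 + 3 + 4 octets)."""
    if not (0 <= msg_type < 2**8 and 0 <= lifetime < 2**24 and 0 <= spi < 2**32):
        raise ValueError("field out of range for assumed width")
    return bytes([msg_type]) + lifetime.to_bytes(3, "big") + spi.to_bytes(4, "big")

def split_message(udp_data: bytes, iv_offset: int):
    """Return (cleartext part, IV, region to encrypt). Everything up to and
    including the IV fields stays in the clear; encryption begins with the
    next field and runs to the end of the UDP data."""
    if len(udp_data) < iv_offset + 8:
        raise ValueError("message too short to contain the IV fields")
    end = iv_offset + 8
    return udp_data[:end], udp_data[iv_offset:end], udp_data[end:]

if __name__ == "__main__":
    # Constructed sample input, not taken from any real exchange.
    material = hashlib.md5(b"constructed exchange value").digest()
    key = anonymity_key(material)
    print("key:", key.hex(), "effective bits:", hex(effective_key_bits(key)))
    message = bytes(32) + build_iv(1, 2, 3) + b"constructed body"
    clear, iv, to_encrypt = split_message(message, iv_offset=32)
    print("iv:", iv.hex(), "encrypt", len(to_encrypt), "octets")
```

Because the IV is copied from fields that travel in the clear, the receiver can rebuild it without extra data, and nothing before the first encrypted field is known plaintext under the cipher.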