[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Photuris Chapter 1

To: bsimpson@morningstar.com
Subject: Re: Photuris Chapter 1
From: Hilarie Orman <ho@cs.arizona.edu>
Date: Fri, 6 Oct 1995 16:17:22 -0700
Cc: ipsec@ans.net
In-Reply-To: Yourmessage <199510052207.AA58017@interlock.ans.net>

How about omitting the cookies and message type from the anonymity
algorithm?  Makes processing a bit more uniform and avoids encrypting
known plaintext.

The architecture document implies that the mode is part of the
security association, but Photuris seems oblivious to this.  Perhaps
I'm missing something, but I think the recipient of an ESP message
cannot know, without checking the full security association, whether a
full IP datagram or only the payload is contained in the protected
region.  Shouldn't Photuris have a field for specifying mode?

A forward reference from the 5.2 mention of "Anonymity Choice specified
cryptographic hash" to appendix B.2 would be helpful.  Or else an explanation
of this when the Anonymity Choice is first introduced.  Otherwise, the
term causes breathless astonishment on first encounter (aka "huh?").

I know that you appreciate good writing, so you would probably be annoyed
to read this construction had it arisen from another author:

   This message is required to be encrypted using the Anonymity-Choice
   indicated in the Key_Response.  The chosen algorithm does not need to
   provide integrity, ...

Instead you might prefer

   This message must be encrypted using ...  The chosen algorithm need not
   provide integrity, ...

References:

Photuris Chapter 1

From: "William Allen Simpson" <bsimpson@morningstar.com>

Prev by Date: Photuris Security
Next by Date: Re: Photuris Security
Prev by thread: Photuris Chapter 1
Next by thread: Re: Photuris Chapter 1
Index(es):
- Main
- Thread