Re: Photuris Chapter 1
> From: Hilarie Orman <ho@cs.arizona.edu>
> How about omitting the cookies and message type from the anonymity
> algorithm? Makes processing a bit more uniform and avoids encrypting
> known plaintext.
>
I had thought I'd already done this. Where did I miss some text?

    Anonymity Choice

    When selected as an Anonymity-Choice, its anonymity session-key
    uses the most significant 64-bits of MD5 generated material. The
    least significant bit of each octet is ignored (parity).

    The 64-bit Initialization Vector (IV) is set to the Type,
    LifeTime, and Security-Parameter-Index fields. Encryption begins
    with the next field, and continues to the end of the data
    indicated by the UDP Length.

> The architecture document implies that the mode is part of the
> security association, but Photuris seems oblivious to this. Perhaps
> I'm missing something, but I think the recipient of an ESP message
> cannot know, without checking the full security association, whether a
> full IP datagram or only the payload is contained in the protected
> region. Shouldn't Photuris have a field for specifying mode?
>
Hmmm, I always thought of "mode" as CBC, not tunneling.
I think that the recipient of an ESP message can _easily_ tell whether a
full IP datagram or just another header (such as TCP) is next, by using
the Payload Type! I even mentioned payload type 4 for IP! [RFC-1829]
Are you saying that we need another attribute to negotiate whether the
data is tunneled? Anyone else need this?
> A forward reference from the 5.2 mention of "Anonymity Choice specified
> cryptographic hash" to appendix B.2 would be helpful. Or else an explanation
> of this when the Anonymity Choice is first introduced. Otherwise, the
> term causes breathless astonishment on first encounter (aka "huh?").
>
Good idea! Done. Both places.
> I know that you appreciate good writing, so you would probably be annoyed
> to read this construction had it arisen from another author:
>
> This message is required to be encrypted using the Anonymity-Choice
> indicated in the Key_Response. The chosen algorithm does not need to
> provide integrity, ...
>
> Instead you might prefer
>
> This message must be encrypted using ... The chosen algorithm need not
> provide integrity, ...
>
Thanks, always appreciate actual text suggestions. Sometimes, I even
use them verbatim. ;-)
The fact that you are commenting so far along (Chapter 5) is evidence
that you already are happy with Chapter 1, so I'll move the process
along.
Bill.Simpson@um.cc.umich.edu
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2
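
The Payload Type check discussed in the message above, as an added example that is not part of the original post or of the Photuris draft. It assumes the RFC 1829 DES-CBC layout for the decrypted region (payload, padding, Pad Length octet, Payload Type octet) and an 8-octet block; the function names are hypothetical and the sample datagrams are constructed.

```python
# Added example: classify a decrypted RFC 1829 ESP region by its trailer.
# Decryption itself is out of scope; inputs below are constructed samples.

IPPROTO_IPIP, IPPROTO_TCP = 4, 6
BLOCK = 8  # DES-CBC block size in octets (assumed transform)


def pad_plaintext(payload: bytes, payload_type: int) -> bytes:
    """Build sample input: payload | padding | pad length | payload type."""
    pad_len = -(len(payload) + 2) % BLOCK
    return payload + bytes(pad_len) + bytes([pad_len, payload_type])


def classify(plaintext: bytes):
    """Return (mode, payload_type, payload) for a decrypted protected region."""
    if len(plaintext) < BLOCK or len(plaintext) % BLOCK:
        raise ValueError("plaintext is not a whole number of cipher blocks")
    pad_len, payload_type = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("pad length exceeds protected region")
    payload = plaintext[:len(plaintext) - 2 - pad_len]
    if payload_type == IPPROTO_IPIP:
        # Tunnel: a complete IPv4 datagram must follow, so check its header
        # instead of trusting the trailer octet alone.
        if len(payload) < 20 or payload[0] >> 4 != 4:
            raise ValueError("payload type 4 but no IPv4 header inside")
        if int.from_bytes(payload[2:4], "big") != len(payload):
            raise ValueError("inner IPv4 total length does not match payload")
        return "tunnel", payload_type, payload
    return "transport", payload_type, payload


# Constructed samples: a 28-octet inner IPv4 datagram and a 22-octet TCP segment.
INNER_IP = bytes([0x45, 0x00]) + (28).to_bytes(2, "big") + bytes(16) + b"datadata"
TCP_SEG = bytes(20) + b"hi"

if __name__ == "__main__":
    for sample, ptype in ((INNER_IP, IPPROTO_IPIP), (TCP_SEG, IPPROTO_TCP)):
        mode, seen_type, inner = classify(pad_plaintext(sample, ptype))
        print(mode, seen_type, len(inner))
```
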