Hugo tutors (Was: (IMPORTANT) ...)

[William Allen Simpson <wsimpson@greendragon.com>]

> Date: Thu, 29 Feb 96 18:31:34 EST
> From: hugo@watson.ibm.com
> There is so much traffic in this list these days and I hate contributing
> more but this may interest other people in addition to Perry.
>
> Waiting 1-2 years is unrealistic for IETF proposals.
> However, I wish there was a more orderly scrutiny of security designs
> for IETF protocols by cryptographers.
>
> Photuris is a good example. It took me 6 drafts (from 03 to 09)
> to convince Simpson to derive *independent* key bits for keyed-MD5 and DES.

This is a patently false and misleading statement.

Since, until draft -09, AH and ESP always had different SPIs, they also
always had independently derived keys.

With the advent of the WG request this winter for the _complication_ of
having AH and ESP _share_ the same SPI, then the key schedule of ESP-DES
in Photuris was required to change.

A more _complicated_ design engendered a more _complicated_ keying
schedule.  No surprise there; these requests seem to avalanche.

I find it personally insulting that Hugo claims to have to teach us
simple and practical cryptographic features.

I will leave it to the rest of you to decide whether he is on track
about other "cryptographic sins".


> cryptographic sins. I didn't see where is the cryptographic community
> that is inspecting this design.

I have in hand a quote from another cryptographic analyst:
   "I am impressed with the thoroughness of the Photuris spec."

Thanks anyway....

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

---

• Prev by Date: NMAC not HMAC, SHA not MD5
• Next by Date: Re: (IMPORTANT) Call for AH-MD5 and ESP-DES to move forward
• Prev by thread: NMAC not HMAC, SHA not MD5
• Next by thread: bump-in-the-stack encryptor paper
• Index(es):
  • Main
  • Thread