ESP transform




[speaking as an individual, not as co-chair]

  My personal preference would be to retain HMAC MD5 for use with the Combined
ESP transform.  There are no known problems with HMAC MD5 and there is ample
freely distributable source code, some of which has pretty good performance.
SHA-1 is generally believed to be slower than MD5 and performance ought not be
completely ignored.

  I also prefer to put the HMAC MD5 residual underneath the encryption.  While
I understand Phil Karn's point, I prefer to have the additional protection on
the authentication that is provided by having it beneath the encryption.  I
also thought Uri's point about the semantic of the authentication was a good
one.  What do other folks think about making this change?

[as co-chair]
  We need to reach closure on the Combined ESP transform very very soon.
Folks with open issues or comments should PLEASE raise them NOW to the list
(or if you prefer, directly with Jim Hughes).

Thanks,

Ran
rja@cisco.com