I'll vote for SHA for all uses (AH, ESP) and hashing inside the encryption (ESP conf & integrity) ...

Paul
-- BEGIN included message
- To: Phil,Karn,karn@qualcomm.com
- Subject: Re: Results of quick survey
- From: "Uri Blumenthal " <ipsec-approval@neptune.tis.com>
- Date: 22 May 96 17:40:32
- Cc: ipsec@tis.com
- Reply-to: uri@watson.ibm.com
Phil Karn says:
> One point about the relative ordering of authentication and encryption.
> Even though I can now do DES pretty fast, it's still true that if you
> wrap encryption outside authentication then you still have to perform
> both algorithms to determine that the packet is bogus.

On the other hand, it is considered best to authenticate the "final result" data, which is the plaintext. For "proving" that this encrypted data was "kosher" strictly speaking, is NOT equivalent to "proving" that the decrypted data is what was sent (i.e. it may decrypt to different things under different keys and so on)...

Do we care? [I understand your concern about performance.]

--
Regards,
Uri uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>
-- END included message
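Added example, not part of the original messages: a sketch of the two orderings discussed above, showing which operations a receiver performs before rejecting a forged packet, and what each ordering does when the receiver decrypts with a different encryption key. Assumptions: HMAC-SHA-1 stands in for the keyed "SHA" authenticator, a SHA-256 counter keystream stands in for DES, and all names, keys and the payload are constructed for illustration.

```python
import hashlib
import hmac

TAG = 20  # HMAC-SHA-1 output length in bytes

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for DES: SHA-256 counter keystream. Not for real use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

# Ordering A: encryption wrapped outside authentication (MAC covers plaintext).
def seal_a(ek, ak, pt):
    return xor_cipher(ek, pt + mac(ak, pt))

def open_a(ek, ak, pkt):
    body = xor_cipher(ek, pkt)            # must decrypt before anything can be checked
    pt, tag = body[:-TAG], body[-TAG:]
    ok = hmac.compare_digest(tag, mac(ak, pt))
    return (pt if ok else None), ["decrypt", "mac"]

# Ordering B: authentication wrapped outside encryption (MAC covers ciphertext).
def seal_b(ek, ak, pt):
    ct = xor_cipher(ek, pt)
    return ct + mac(ak, ct)

def open_b(ek, ak, pkt):
    ct, tag = pkt[:-TAG], pkt[-TAG:]
    if not hmac.compare_digest(tag, mac(ak, ct)):
        return None, ["mac"]              # bogus packet dropped without decrypting
    return xor_cipher(ek, ct), ["mac", "decrypt"]

if __name__ == "__main__":
    ek, ak, wrong_ek = b"enc-key-constructed", b"auth-key-constructed", b"other-enc-key"
    msg = b"constructed sample payload"
    for name, seal, open_ in (("A", seal_a, open_a), ("B", seal_b, open_b)):
        pkt = seal(ek, ak, msg)
        forged = bytes([pkt[0] ^ 1]) + pkt[1:]
        print(name, "forged packet  ->", open_(ek, ak, forged))
        print(name, "wrong enc key ->", open_(wrong_ek, ak, pkt))
```

Under ordering B the wrong-key case passes the MAC check and returns different plaintext, because the authenticator covers only the ciphertext; under ordering A the same case is rejected, at the cost of always running both algorithms.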