[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stream Cipher Transform -- revisited


Germano

Apologies, I have been intending to reply but summer kept getting in
the way.  Anyway a couple comments and thoughts on including support
for stream ciphers in IPSEC as I believe there is a strong security
and business case for their use.

1) In general most of us have substantial numbers of legacy systems or
over-subscribed systems which have minimal amounts of un-used cycles.
It is very difficult to justify, and often to operationally implement,
a high-overhead encryption mechanism which results in the capacity of
100 user production server being reduced to 60 or 70.

2) In many cases absolute security of the data may not be justified
but prevention of re-play attacks or session-hijacks is essential,
especially in light of on-going work on "single sign-on functions".
It would seem that light weight ciphers might be ideal here.

3) For now, regardless of our personal views, exportability of a
solution is very important.  It seems likely that ciphers may be more
generally exportable and having more exportable options would appear
to be win.

4) As you note, protection of "content" from alteration during delivery
is also key, whether you are working with "web data", realtime video, or
voice.  Again the low-overhead of ciphers looks attractive for this
type of use.

I encourage your group to continue the work as I believe that support
of low-overhead encryption techniques will considerably broaden the
usability of IPSEC.

Take care

|   Terry L. Davis, P.E.   |  Boeing Information & Support Services    |
|       206-957-5325       |  tld5032@atc.boeing.com.                  |
   --------------- Tuesday July 30,1996 07:27 AM PDT -------------
Follow-Ups: References: