[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-thayer-seccomp-00.txt
"H.Krawczyk" writes:
> > That probably lowers security in some environments. Folding in the
> > length of the datagram makes it harder to fake a datagram with the
> > same MAC.
>
> A personal "historical" remark:
>
> One of the design principles of HMAC was not to rely on prepended length.
Certainly. But not all MACs used by IPSEC will necessarily be as
robust as HMAC.
> All of this is not to say that certain MAC (like CBC-MAC or even HMAC
> with some hash functions) couldn't be benefited from prepended length. But
> in that case the MAC MUST include the prepended length as part of its
> definition and not to rely on the particularities of the data being
> authenticated.
Certainly at the very least one must mention in such a transform
document that one is explicitly relying on the length being present...
Perry
References: