[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Suggestion for ESP 3DES MD5 document

To: "'ipsec@TIS.COM'" <ipsec@TIS.COM>
Subject: Suggestion for ESP 3DES MD5 document
From: Bob Baldwin <baldwin@rsa.com>
Date: Wed, 23 Oct 1996 10:14:41 -0700
Cc: "'naganand@ftp.com'" <naganand@ftp.com>
Sender: ipsec-approval@neptune.tis.com

Naganand,
	I would like to suggest that when you write-up the triple DES
transform that you modularize the document so it is easy to
substitute other ciphers and hash functions.  My goal is to be able
to briefly specify other ESPs by referencing your document.
	For example, I would love to be able to write a two page
Internet draft that fully specifies an ESP with RC5 (16 round, 128 bit
keys)
and SHA1 hashing by referencing your document and providing
an alternative wording for one or two sections of the document.
	The implications are that your description should be
parameterized by the size of the keys for the privacy and integrity
transforms, and by the size of the integrity value (hash output).
It is probably OK to assume that all ciphers will use 8 byte CBC
with an 8 byte IV.  The name of the cipher (e.g. DES-EDE) should
not be spread throughout the text.
		--Bob Baldwin
		  RSA Data Security Inc.

>----------
>From: 	Ran Atkinson[SMTP:rja@cisco.com]
>Sent: 	Tuesday, October 22, 1996 11:23 AM
>To: 	ipsec@TIS.COM
>Cc: 	naganand@ftp.com
>Subject: 	[Admin] ESP 3DES MD5 Editor 
>
>
>All,
>
>  Paul Lambert and I have appointed Naganand Doraswamy <naganand@ftp.com> as
>the document editor to write up an ESP Transform combining Triple-DES, MD5,
>and Replay Protection.  This new transform is to be derived from and as
>similar as practical to Jim Hughes' ESP DES-CBC MD5 transform.  This new
>transform is intended to become standards-track.   It will appear online
>as draft-ietf-ipsec-esp-3des-md5-*.txt once Naganand has written it up.
>
>Paul Lambert <palamber@us.oracle.com>
>Randall Atkinson <rja@cisco.com>
>
>
>
>-- 
>
>
>

Date: Wed, 23 Oct 1996 14:03:46 -0700
From: Ran Atkinson <rja@cisco.com>
Message-Id: <199610232103.OAA09819@cornpuffs.cisco.com>
To: baldwin@rsa.com
Subject: Re: Suggestion for ESP 3DES MD5 document
Organization: cisco Systems
Cc: ipsec@TIS.COM
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

In article
<c=US%a=_%p=RSA_Data_Securit%l=LOBESTER-961023171441Z-6763@LOBESTER.rsa.com>,
	Bob Baldwin wrote:

>	I would like to suggest that when you write-up the triple DES
>transform that you modularize the document so it is easy to
>substitute other ciphers and hash functions.  My goal is to be able
>to briefly specify other ESPs by referencing your document.

  Modularity is the primary goal of the editorial changes proposed in Montreal
by and being made by Steve Kent.  More documents specifying more transforms is
(IMHO) not part of the solution here, as Steve Kent so clearly pointed out in
Montreal.

  With a modest amount of luck, we'll eliminate the "transform" concept
-- all together -- and replace it with some magic number/algorithm pairs
in the IAB Assigned Numbers document (of which only one set each for AH/ESP
would be mandatory to implement).

  At some level, it would be more logical to wait on all new transform
specifications until after the modularised base specifications are
published.  However, the group seems to prefer to proceed forward for
now and retrofit those specs back into the new document model later.
By basing the 3DES transform draft on the Jim Hughes' Combined ESP
draft, these later editorial changes can be done without adversely
impacting code.

All IMHO.

Ran
rja@cisco.com

Prev by Date: Re: isakmp-05.txt
Next by Date: A hole in esp-stream-01
Prev by thread: Re: isakmp-05.txt
Next by thread: Re: Suggestion for ESP 3DES MD5 document
Index(es):
- Main
- Thread