[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec hardware accelerators (Rainbow warning)
An old message (Jan.) that seems to have been stuck in one of my out boxes ...
Paul
------------------
John, please be fair about "compatibility":
>The Clipper Chip and its follow-on
>products are not compatible with the IPSEC protocols,
>because they use an undocumented encryption algorithm
>and because they are designed to
>undermine rather than provide secure operation.
Undocumented cryptographic algorithms are very compatible with IPSEC.
Cryptographic flexibility is one of the main design features of this set of
protocols. It is true that our IPSEC set of mandatory to implement algorithms
will never contain a undocumented encryption algorithm.
There is no reason that the "encapsulating" protocol (ESP) could not use
anyones favorite algorithm (documented or not). The ISAKMP negotiation should
allow selection of a common algorithm between two IPSEC systems. It just so
happens that the "favorite" algorithms of the US Government are available in
the Fortezza card.
I also believe that cryptographic algorithms are "stronger" when they are not
published. So, Fortezza is compatible with IPsec, it just is not the
recommended IETF set of algorithms :-)
Paul
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul Lambert Director of Security Products
Oracle Corporation Phone: (415) 506-0370
500 Oracle Parkway, Box 659410 Fax: (415) 633-2963
Redwood Shores, CA 94065 E-Mail: palamber@us.oracle.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Secure Jobs" -> send resumes to: palamber@us.oracle.com
Security Architect - Hands on lead with strong design skills
Sr. Development Manager - 6+ experience with 3+ leading teams
Security Product Manager(s) - Excellent verbal and written skills
with background in security.
Senior SW Dev. - 6+ experience in SW development
SW Developer(s) - Strong coding skills and abilities
or interest in: (C++, Java, CORBA, security,
X.500, etc.)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~