[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec hardware accelerators (Rainbow warning)



 
 
An old message (Jan.) that seems to have been stuck in one of my out boxes ... 
 
Paul 
------------------ 
 
John, please be fair about "compatibility": 
 
>The Clipper Chip and its follow-on 
>products are not compatible with the IPSEC protocols,  
>because they use an undocumented encryption algorithm  
>and because they are designed to  
>undermine rather than provide secure operation. 
 
Undocumented cryptographic algorithms are very compatible with IPSEC.  
Cryptographic flexibility is one of the main design features of this set of 
protocols.  It is true that our IPSEC set of mandatory to implement algorithms 
will never contain a undocumented encryption algorithm. 
 
There is no reason that the "encapsulating" protocol (ESP) could not use 
anyones favorite algorithm (documented or not).  The ISAKMP negotiation should 
allow selection of a common algorithm between two IPSEC systems.  It just so 
happens that the "favorite" algorithms of the US Government are available in 
the Fortezza card. 
 
I also believe that cryptographic algorithms are "stronger" when they are not 
published.  So, Fortezza is compatible with IPsec, it just is not the 
recommended IETF set of algorithms :-) 
 
 
 
Paul 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Paul Lambert                     Director of Security Products 
Oracle Corporation               Phone:         (415) 506-0370 
500 Oracle Parkway, Box 659410     Fax:         (415) 633-2963 
Redwood Shores, CA  94065       E-Mail: palamber@us.oracle.com 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
"Secure Jobs"  ->  send resumes to: palamber@us.oracle.com   
     Security Architect - Hands on lead with strong design skills 
     Sr. Development Manager - 6+ experience with 3+ leading teams 
     Security Product Manager(s) - Excellent verbal and written skills 
               with background in security. 
     Senior SW Dev. - 6+ experience in SW development 
     SW Developer(s) - Strong coding skills and abilities  
                or interest in: (C++, Java, CORBA, security,  
                X.500, etc.) 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~