[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed changes to ESP (andf a little AH too)

To: ipsec@tis.com
Subject: Re: Proposed changes to ESP (andf a little AH too)
From: John Ioannidis <ji@hol.gr>
Date: Fri, 21 Mar 1997 23:52:56 +0200
Hops: 0
Host: tis.com.
In-reply-to: Your message of "Fri, 21 Mar 1997 14:10:11 EST." <v0300780eaf5886498ba8@[128.89.0.110]>
Organization: La maison qui rend fou.
Posted-Date: Fri, 21 Mar 1997 23:49:47 -0200 (GMT)
Reply-To: ji@hol.gr
Sender: owner-ipsec@ex.tis.com

I'm all in favour of doing the encryption first and the authentication after, 
so that on receipt we can authenticate before we receive, but wasn't there 
some cryptographic argument against that sort of thing? Or was it decided back 
when we only had the RFC 182* transforms that in the case of cascaded 
transforms, we should encapsulate first with AH-MD5 and then with DES-ESP, and 
that carried over into the combined ESP transform? Or could it even be a 
carry-over back from the swIPe days (which also encrypted the authenticated 
packet)?

/ji

Follow-Ups:

Re: Proposed changes to ESP (andf a little AH too)

From: "Perry E. Metzger" <perry@piermont.com>

Re: Proposed changes to ESP (andf a little AH too)

From: Uri Blumenthal <uri@watson.ibm.com>

References:

Proposed changes to ESP (andf a little AH too)

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: inline keying
Next by Date: Re: Proposed changes to ESP (andf a little AH too)
Prev by thread: Re: Proposed changes to ESP (andf a little AH too)
Next by thread: Re: Proposed changes to ESP (andf a little AH too)
Index(es):
- Main
- Thread