Re: Proposed changes to ESP (and a little AH too)



	 Crypto people, am I the only one who is not 100% comfortable with
	 this order of the operations? Can *you* think of an attack?  What
	 would be the assumptions for such an attack to succeed?

Kent's approach defeats Wagner's short-block guessing attack (described
in my paper ftp://ftp.research.att.com/dist/smb/badesp.ps).  This is
precisely because it does protect the ciphertext.

My discomfort is due solely to the fact that I want these transforms
standardized *now*.  Anything that delays them is no good.