
Re: Slicing and Dicing in new-esp



> 
> The consensus on slice & dice at the meeting today was that transforms
> get one key, and are responsible for dividing the "key blob" between
> the various uses they have for it.
> 
> In the case of new-esp, we have a hierarchical arrangement, with ESP
> in the middle, key management above, and algorithms beneath; the
> new-esp document really defines both ESP and a "meta" transform.
> 
> I presume that the new-esp meta-transform gets a (single) key blob
> from "above" and needs to break it up and pass "key blobs" down into
> the algorithms which plug into it.
> 
> Now, there are certain, obvious to a non-cryptographer, problems with
> passing the exact same blob to both algorithms.  I believe that the
> right thing to do here is to specify that new-ESP is responsible for
> dividing the blob into two pieces and feeding one to the encryption
> algorithm and the other into the integrity algorithm; the individual
> algorithms are responsible for any relevant algorithmic-specific key
> processing.
> 
> 					- Bill
> 


I concur. This is the "cryptographically right" way to do it.
A transform gets as much keying material as it needs from the 
key exchange module, and is responsible to slice it and use 
it in the correct way. In the case of ESP this means to 
partition the keying material into two DISJOINT parts,
hand one part to the authentication algorithm and the other part to
the encryption algorithm.


Ran
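
The disjoint partition discussed in this thread, as an added example that is not part of the original messages or of any new-esp draft. The algorithm choices (DES-CBC with an 8-byte key, HMAC-MD5 with a 16-byte key), the encryption-key-first ordering and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Tuple


def identity(key: bytes) -> bytes:
    """Default: the algorithm uses its slice of keying material unchanged."""
    return key


def des_odd_parity(key: bytes) -> bytes:
    """Algorithm-specific key processing: force odd parity on each DES key byte."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 key bits of this byte
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


@dataclass(frozen=True)
class Algorithm:
    name: str
    key_len: int                              # bytes of keying material consumed
    prepare: Callable[[bytes], bytes] = identity


# Assumed plug-ins for the example.
DES_CBC = Algorithm("des-cbc", 8, des_odd_parity)
HMAC_MD5 = Algorithm("hmac-md5", 16)


def keymat_needed(enc: Algorithm, auth: Algorithm) -> int:
    """How much keying material the transform asks key management for."""
    return enc.key_len + auth.key_len


def partition(blob: bytes, enc: Algorithm, auth: Algorithm) -> Tuple[bytes, bytes]:
    """Split the key blob into two non-overlapping slices (assumed order: enc, auth)."""
    if len(blob) != keymat_needed(enc, auth):
        # A short blob would force the slices to overlap or be reused; refuse it.
        raise ValueError("key blob length does not match what the algorithms need")
    return blob[:enc.key_len], blob[enc.key_len:]


def keys_for(blob: bytes, enc: Algorithm, auth: Algorithm) -> Tuple[bytes, bytes]:
    """The transform slices; each algorithm then processes only its own slice."""
    enc_raw, auth_raw = partition(blob, enc, auth)
    return enc.prepare(enc_raw), auth.prepare(auth_raw)
```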