[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP with stream ciphers



Norm,

	I agree with Steve Bellovin's suggestion that we should view the IV
as the beginning of the payload, since each encryption algorithm mode will
"know" whether an IV is explicitly present, or not, and how big it is, etc.
This tact was adopted in some other security protocols, e.g., the IEEE SDE
protocol, while others opted for an explicit IV field.  In an effort to
simplify the format and minimize optional variable length fields, I'm in
favor of adopoting Steve's suggestion.  In this vein, a stream cipher
offset(or an IV for a stream cipher) could also appear as the beginning of
an encrypted payload.  If there are no objections, I'll plan to make these
changes to the next rev of the ESP spec.

Steve




Follow-Ups: References: