[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Questions/comments re draft-ietf-ipsec-esp-rc5-cbc-00.txt




I have some questions and comments regarding
draft-ietf-ipsec-esp-rc5-cbc-00.txt.

The first question I have is why 40 bits? I am under the
impression the IPsec wg, for political reasons, chose to
exclude export weakened cipher usage.

I am not familiar with RC5's status. Is it a trade secret like
RC2? I see RSA has applied for a patent. Will implementaters
have to license RC5 from RSA? If it need be licensed could that be
a detriment to its wide-spread use in IPsec?

I'm a bit confused about the following paragraph from the
document.

> 2.3 Payload
>
>    RC5-CBC requires an explicit Initialization Vector (IV) of 8 octets
>    (64 bits) that immediately precedes the cipher-text in the payload.
>    A new IV must be pseudo-randomly generated for each packet and then
>    used to encrypt that plain-text.  When decrypting, the first 8
>    octets of the payload are used as a IV to decrypt the remaining
>    payload octets.
>

Those statements are really confusing. They say the IV
precedes the cipher-text but then say first 8 octets of the
payload (the SPI and sequence number?) are used to decrypt the
rest. As Scoobe Doo says, Er? The CBC method seems a bit weird to
me too. Is the IV XORed with each block?


Regarding key material, why is the key material derived as
stated in section 4 rather than slice and dice?


-dpg