[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Questions/comments re draft-ietf-ipsec-esp-rc5-cbc-00.txt
I have some questions and comments regarding
draft-ietf-ipsec-esp-rc5-cbc-00.txt.
The first question I have is why 40 bits? I am under the
impression the IPsec wg, for political reasons, chose to
exclude export weakened cipher usage.
I am not familiar with RC5's status. Is it a trade secret like
RC2? I see RSA has applied for a patent. Will implementaters
have to license RC5 from RSA? If it need be licensed could that be
a detriment to its wide-spread use in IPsec?
I'm a bit confused about the following paragraph from the
document.
> 2.3 Payload
>
> RC5-CBC requires an explicit Initialization Vector (IV) of 8 octets
> (64 bits) that immediately precedes the cipher-text in the payload.
> A new IV must be pseudo-randomly generated for each packet and then
> used to encrypt that plain-text. When decrypting, the first 8
> octets of the payload are used as a IV to decrypt the remaining
> payload octets.
>
Those statements are really confusing. They say the IV
precedes the cipher-text but then say first 8 octets of the
payload (the SPI and sequence number?) are used to decrypt the
rest. As Scoobe Doo says, Er? The CBC method seems a bit weird to
me too. Is the IV XORed with each block?
Regarding key material, why is the key material derived as
stated in section 4 rather than slice and dice?
-dpg