[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Padding

To: "'Derrell Piper'" <piper@cisco.com>, Stephen Kent <kent@bbn.com>
Subject: RE: Padding
From: Rob Adams <adams@cisco.com>
Date: Fri, 11 Jul 1997 00:55:08 -0700
Cc: "ipsec@tis.com" <ipsec@tis.com>
Sender: owner-ipsec@ex.tis.com

The covert channel argument seems to me to be a bit over the top, in this context.
I suppose if people are really worried about it, then we should cover, but personally,
it isn't a sticking point with me.

The wonderful thing about random was that receivers could simply strip it off 
and throw it away.  If we specify that the padding must contain a specific value,
we will imply that receivers have to test the padding for the "MUST be set" value. 
In this case, simply make it zero and dictate that all transforms MUST behave
this way.  If we have cryptographic reasons, then specify that it SHOULD be
random and leave it up to the implementation to fill it in and allow receivers to 
ignore it. 

-Rob 



-----Original Message-----
From:	Derrell Piper [SMTP:piper@cisco.com]
Sent:	Thursday, July 10, 1997 4:32 PM
To:	Stephen Kent
Cc:	ipsec@tis.com
Subject:	Re: Padding 

Unless the padding is random, I see little difference between padding with
zero and padding with a monitonically incrementing constant.  If there are 
cryptographic concerns, they're both equivalent, aren't they?

While I understand the covert channel argument (being, in a past life, a
VSA for a C2 and B1 TCSEC OS), that's not really one of our (unwritten)
design criteria.  Covert channel analysis is way beyond the charter of 
this working group.

Unless there are strong cryptographic reasons for choosing pseudorandom
pads, I would prefer to see it be zero.

Derrell

Prev by Date: Re: Security Association vis a vis Security Parameters Index
Next by Date: Re: Fast x86 DES for SSH
Prev by thread: Re: Padding
Next by thread: I-D ACTION:draft-simpson-photuris-13.txt
Index(es):
- Main
- Thread