[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sequence Number

To: ipsec@tis.com
Subject: Re: Sequence Number
From: Rodney Thayer <rodney@sabletech.com>
Date: Mon, 14 Jul 1997 13:00:23 -0400
Sender: owner-ipsec@ex.tis.com

It is recommended that the IV in each non-initial packet be set to the last
encryption block of the previous packet.  Since the IV travels with the
packet, you can still decrypt even if there is packet loss.  Nobody
enforces this "use the last encryption block" scheme, it's a recommended
thing.

>Date: Mon, 14 Jul 1997 07:51:51 -0400 (EDT)
>From: Norman Shulman <norm@tor.securecomputing.com>
>X-Sender: norm@rafael.tornd.securecomputing.com
>To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
>cc: ipsec@tis.com
>Subject: Re: Sequence Number 
>Sender: owner-ipsec@ex.tis.com
>
>On Sun, 13 Jul 1997, Michael Richardson wrote:
>
>>   Also recall, that in CBC mode, the IV for the next packet likely
>> comes from the ciphertext of the last block.
>
>This would make it impossible to decrypt packets received out of order.
>
>Norm
>
>
>                    Norman Shulman      Secure Computing Canada
>     	         Systems Developer      Tel 1 416 813 2075
>      norm@tor.securecomputing.com      Fax 1 416 813 2001
>
>
>
>
>

Prev by Date: Re: Sequence Number
Next by Date: Re: ISAKMP performance
Prev by thread: Re: Sequence Number
Next by thread: on the nature of recent suggestions
Index(es):
- Main
- Thread