Derived versus Explicit IV
Ted is somewhat confused.
The mandatory to implement _manually_ configured algorithm is
ciph-des-derived.
1) There are no vendors shipping anything else.
2) There is no technical rationale supporting a change to an explicit IV.
3) There is no increase in cryptographic strength with an explicit IV.
4) A change to explicit IV would "obsolete" thousands of fielded units,
and create a user support nightmare.
However, there was a "gentlemen's agreement" that ISAKMP could negotiate
an explicit IV for single DES when it was so configured. And some
vendors (but not all) at the ANX workshops tested such a configuration.
To quote Moskowitz on another list, with respect to ISAKMP:
    Date: Thu, 03 Jul 1997 10:20:45 -0400
    From: Robert Moskowitz <rgm3@chrysler.com>

    As co-chair I state that we will give the workgroup a reasonable
    (end-of-july) time to determine a direction, if not, the market decides
    this one.

Unfortunately, Bob forgot to tell the WG he had made this direction.
Another "gentlemen's agreement" was that only 3des-derived would be
published as output of this WG, since nobody had documented or tested
explicit IV for 3DES, and at least 2 vendors had shipped derived IV
based on RFC-1851.
However, certain folks just violated that agreement. In response, I
will be posting CAST et alia with derived IVs.
> From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
> My understanding is that the mandatory to implement cipher
> algorithm, based on what the vendors are implementing and what they
> tested at the ANX interoperability workshop, is represented by the I-D
> draft-ietf-ipsec-ciph-des-expiv-00.txt. In other words, DES CBC with
> an explicit IV.
>
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2