
Re: Derived versus Explicit IV



In message <199707240329.XAA18613@dcl.MIT.EDU>, "Theodore Y. Ts'o" writes:
>
>That's simply not true.  RFC-1829 implementations are allowed to pick
>random IV's --- it doesn't specify how the IV's are picked at all.  If
>they do so, they won't be compliant with the latest ESP, because that
>field is where the sequence number goes, which must be a sequentially
>incrementing field starting at zero.
>
>Therefore, RFC-1829 implementations can not be counted upon to be
>compatible with the new ESP, no matter whether you use an explicit or
>derived IV.

It can be simulated however by having the key management daemon tell
the kernel not to check the replay counter, *and* to use the replay
counter as a half-IV. This is useful if you want your code to be able
to talk to the old implementations but don't like duplicated code. How
key mgmt specifies that is, of course, implementation and protocol
dependent.
-Angelos
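
A sketch of the per-SA switch described in the reply above, as an added example that is not code from the thread or from any implementation discussed in it. The struct, flag and function names are hypothetical; the half-IV expansion assumes the RFC 1829 32-bit IV form (the value followed by its bitwise complement), and the replay check is reduced to a strictly increasing counter with no window.

```c
#include <stdint.h>

/* Hypothetical per-SA settings pushed down by the key management daemon. */
struct sa_state {
    int      check_replay;     /* 0 for a legacy RFC-1829 peer: field is not a counter */
    int      field_is_half_iv; /* 1: expand the 32-bit field into the 64-bit CBC IV */
    uint32_t last_seq;         /* highest counter value accepted so far */
    int      seen_any;         /* 0 until the first packet is accepted */
};

/* Assumed RFC 1829 32-bit IV form: value followed by its bitwise complement. */
static void expand_half_iv(uint32_t field, uint8_t iv[8])
{
    uint32_t inv = ~field;
    for (int i = 0; i < 4; i++) {
        iv[i]     = (uint8_t)(field >> (24 - 8 * i));
        iv[4 + i] = (uint8_t)(inv   >> (24 - 8 * i));
    }
}

/* Process the 32-bit field that follows the SPI.
 * Returns 0 on accept, -1 on replay reject.
 * iv is written only when the SA treats the field as a half-IV. */
int esp_inbound_field(struct sa_state *sa, const uint8_t hdr_field[4], uint8_t iv[8])
{
    uint32_t field = ((uint32_t)hdr_field[0] << 24) | ((uint32_t)hdr_field[1] << 16) |
                     ((uint32_t)hdr_field[2] << 8)  |  (uint32_t)hdr_field[3];

    if (sa->check_replay) {
        /* New-ESP behaviour: the field must keep increasing, starting at zero. */
        if (sa->seen_any && field <= sa->last_seq)
            return -1;
        sa->last_seq = field;
        sa->seen_any = 1;
    }
    /* With check_replay == 0 a repeated or random field is accepted, so this
     * SA has no replay protection: the cost of talking to the old peer. */
    if (sa->field_is_half_iv)
        expand_half_iv(field, iv);
    return 0;
}
```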

