[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Derived versus Explicit technical rationale

To: "William Allen Simpson" <wsimpson@greendragon.com>
Subject: Re: Derived versus Explicit technical rationale
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Date: Thu, 24 Jul 1997 15:11:27 -0400
Cc: ipsec@tis.com
In-Reply-To: wsimpson's message of Thu, 24 Jul 1997 14:06:32 +0000. <6321.wsimpson@greendragon.com>
Sender: owner-ipsec@ex.tis.com

Bill,

Encryption by itself does not provide integrity protection.  For
instance, any XOR-based stream cipher will allow an attacker to make
predictable changes to the plaintext.

The difference between derived vs. explicit IV does not affect the
ability of the protocol to provide confidentiality.

If you require integrity, you need to add a MAC either in ESP or by
using AH..

					- Bill

References:

Derived versus Explicit technical rationale

From: "William Allen Simpson" <wsimpson@greendragon.com>

Prev by Date: Re: Derived versus Explicit technical rationale
Next by Date: RE: Derived versus Explicit technical rationale
Prev by thread: Derived versus Explicit technical rationale
Next by thread: Re: Derived versus Explicit technical rationale
Index(es):
- Main
- Thread