[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Calling the question: derived vs. explicit IV
On Fri, 1 Aug 1997, Theodore Y. Ts'o wrote:
> Date: Fri, 1 Aug 97 14:32:52 GMT
> From: "William Allen Simpson" <wsimpson@greendragon.com>
>
> In favor of Derived:
>
> 2) Maintains complete backward compatibility with RFCs 1829 and 1851.
> All shipping implementations already support the derived IV.
>
> Not true. It is not _complete_ backwards compatibility. RFC 1829
> support's no IV, 32-bit IV, and 64-bit IV. The compatibility you
> propose only works using RFC 1829-style 32-bit IV.
>
> In addition the handling of sequence number wrapping means that there is
> yet another compatibility issue. This can be solved having the ESP
> engine know something about whether the key management was manually done
> or not. However, that's an abstraction violation, and it certainly adds
> to the complexity of the implementation simply to have this
> "compatibility".
Using the current ESP draft in compatibility mode requires disabling the
authentication service. When the authentication service is disabled, the draft
requires disabling sequence number verification.
Norm
Norman Shulman Secure Computing Canada
Systems Developer Tel 1 416 813 2075
norm@tor.securecomputing.com Fax 1 416 813 2001
Follow-Ups:
References: