
Re: [Ottawa bakeoff feedback] problem with ESP Padding



 
>This is wrong.  It doesn't work for hardware vendors.   
>It does not meet the requirement for self-describing  
>padding, as hardware vendors requested ... 
 
Wrong?  It works.  The padding field is not self-describing; it is located a
fixed distance from the end of the ESP packet.
 
The counting was provided for a particular cut and paste attack.  This attack 
is a byproduct of authentication over encryption.  These are all features of 
our current specification:-) 
 
>This changes the Pad Length field to mean  
>"the length of the padding field, counting the length byte itself". 
 
This would work... but there is no compelling reason to change the current 
usage of the pad length field. 
 
 
Paul 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Paul Lambert                     Director of Security Products 
Oracle Corporation               Phone:         (650) 506-0370 
500 Oracle Parkway, Box 659410     Fax:         (650) 633-2963 
Redwood Shores, CA  94065       E-Mail: palamber@us.oracle.com 
PGP:	    F4 B9 3B 17 BD 49 3B 0C    9E B9 95 E2 42 CA 02 E3 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
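
The fixed-offset trailer lookup and the counting-padding check discussed in the message above, as an added example that is not part of the original post or of any IPsec implementation. It assumes the ESP trailer layout of RFC 2406 (Padding, Pad Length, Next Header, with the authentication data already verified and stripped), an 8-byte cipher block, and hypothetical function names.

```python
import hmac
from typing import Tuple


class EspTrailerError(ValueError):
    """Decrypted ESP data whose trailer fails validation."""


def build_esp_plaintext(payload: bytes, next_header: int, block: int = 8) -> bytes:
    """Append counting padding, Pad Length and Next Header to a payload.

    Pad Length counts only the padding bytes (the current usage defended in
    the message), not the Pad Length byte itself.
    """
    pad_len = -(len(payload) + 2) % block
    padding = bytes(range(1, pad_len + 1))          # 01 02 03 ...
    return payload + padding + bytes([pad_len, next_header])


def parse_esp_plaintext(data: bytes) -> Tuple[bytes, int]:
    """Return (payload, next_header) or raise EspTrailerError."""
    if len(data) < 2:
        raise EspTrailerError("too short for Pad Length and Next Header")
    # Both fields sit at a fixed distance from the end of the decrypted data,
    # so the receiver finds them without scanning the padding.
    pad_len, next_header = data[-2], data[-1]
    if pad_len > len(data) - 2:
        raise EspTrailerError("Pad Length exceeds decrypted data")
    pad_start = len(data) - 2 - pad_len
    padding = data[pad_start:len(data) - 2]
    expected = bytes(range(1, pad_len + 1))
    # The counting pattern lets the receiver reject trailers whose padding
    # was disturbed, e.g. by blocks rearranged under the encryption layer.
    if not hmac.compare_digest(padding, expected):
        raise EspTrailerError("padding is not the 1, 2, 3, ... sequence")
    return data[:pad_start], next_header


if __name__ == "__main__":
    sample = build_esp_plaintext(b"constructed sample payload", 6)  # constructed input
    print(parse_esp_plaintext(sample))
```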