
Re: draft-ietf-ipsec-ciph-cbc-02.txt



> P.S.  I suggest that when we revise the text of this draft, that we word
> it as saying that implementations SHOULD reject weak keys and request a
> new SA, but to not claim to have an exhaustive listing of all possible
> weak keys in the document.  That way, when researchers come up with new
> and interesting weak keys in IDEA, implementations can be updated without
> implementors worrying about violating the spec.

I'm a little leery about this, because it means that different
implementations would have different ideas about what constitutes a
weak key, which could lead to rarely-occurring, difficult-to-diagnose
interoperability glitches when the shared key ends up being "weak" and
one endpoint detects this and the other doesn't.

					- Bill


