[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: key processing for manual and dynamic SA

To: Stephen Waters <Stephen.Waters@digital.com>
Subject: RE: key processing for manual and dynamic SA
From: CJ Gibson <cjgibson@semaphorecom.com>
Date: Fri, 24 Jul 1998 11:30:27 -0700
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

Steven, 
I think this was discussed a long time ago (Detroit time frame?) and it
was decided that 64-bits of keying material would be used for DES, and
the code which received the 64-bits would modify the parity bits so each
byte has odd parity. 
If this is no longer true, I'd like to hear about it also!
-CJ

	-----Original Message-----
	From:	Stephen Waters [SMTP:Stephen.Waters@digital.com]
	Sent:	Friday, July 24, 1998 7:27 AM
	To:	ipsec@tis.com
	Subject:	key processing for manual and dynamic SA 


	Hi,

	I have an 'interop' issue for keying material that I would like
to hear some

	views on:

	1) Manual Mode SA.

	As an example, I need to prompt the UI for a DES session key for
an ESP SA.
	DES only actually requires a 56bit stream to do the calculation
- although
	this
	56bits is expanded to include parity-bits (probably for historic
reasons -
	pre
	parity memory?).

	Should the UI ask for 56bits (14 hexadecimal digits) and then
expand with 
	parity bits and check against the weak-key list,  or should the
UI ask for
	64bits.

	The problems with asking for 64bits are :

	a) either the use is expected to get the parity bit right
	b) or the management code applies the parity automatically

	a) is too much to ask and b) changes the key.

	For the sake of interop,  I think we need to decide on a common
way of 
	presenting keying material at the UI. If one end of the link
takes 56bits, 
	and the other takes 64bits, converting between the two over the
'phone 
	is not straightforward!  

	For example, if one end gets a 56bit key at the UI of:
	23fe45de56ab78
	Given low-order-bit parity and auto-parity at the 64bit UI end,
this key
	would 
	be 'communicated' as:
	22f790bae4b4acf0  (or something like that!).

	It sounds easiest (to me), if we could agree on using the
non-parity version
	of 
	the required key, where parity is an issue. Then I can easier
'communicate' 
	manual keys without worrying about parity.

	2) Dynamic Mode SA 

	I am assuming the following process for generated keying
material:

	Using DES as an example again,  I strip 64bits from the
generated keying 
	material, apply parity bit logic and check the weak-key listings
(again,
	this had
	better happen the same way on both systems).

	Question:  What do I do if the constructed 64bit key is weak?
Do I:
	a) reject the establishment
	b) move on one byte in the keying material and try again
	c) move on one-block (64bits) and try again?

	Again, the process needs to be standard.

	Thanks, Steve.

Prev by Date: Re: key processing for manual and dynamic SA
Next by Date: I-D ACTION:draft-simpson-cbc-01.txt
Prev by thread: Re: key processing for manual and dynamic SA
Next by thread: I-D ACTION:draft-simpson-cbc-01.txt
Index(es):
- Main
- Thread