
Re: I-D ACTION:draft-ietf-ipsec-skipjack-cbc-00.txt




draft-ietf-ipsec-skipjack-cbc-00.txt

Scott, Sandra,

I note that you have submitted this SKIPJACK ESP algorithm to
Internet-Drafts.  Technically speaking, it shouldn't have been submitted
with a draft-ietf-ipsec-* prefix, since this implies that it is an
official IPSEC wg work item --- which it isn't, to date.

Secondly, there's a much more serious technical problem with your draft,
in that by using an implicit IV and a sequence number, it looks like
you're assuming that IV is chained across packets.  If that is the case,
it has a significant problem in that you force the IPSEC engine to
handle reordering, and even worse, it has no way to recover from a
dropped packet.

I suggest you rethink your decision to use an implicit IV.

						- Ted
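
The concern raised in the message above, as an added example that is not part of the original message or of the draft: CBC with an IV chained across packets is compared with CBC carrying an explicit per-packet IV when packets are dropped or reordered. Assumptions: chaining is modelled as "IV = last ciphertext block of the previous packet" (the draft's exact scheme is not shown on this page), a toy Feistel cipher stands in for SKIPJACK, and all names and sample values are constructed.

```python
import hashlib, os
BLOCK = 8  # 64-bit blocks, the block size SKIPJACK uses

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the toy Feistel stand-in (NOT SKIPJACK)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = enc_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(dec_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def simulate(delivered):  # -> (chained_ok, explicit_ok), one bool per arrival
    key, iv0 = b"constructed-key", bytes(BLOCK)  # constructed sample values
    pkts = [b"packet-%d payload" % n for n in range(3)]  # 16 bytes each
    chained, explicit, prev = [], [], iv0
    for p in pkts:  # sender side
        chained.append(cbc_encrypt(key, prev, p))
        prev = chained[-1][-BLOCK:]  # assumed chaining: IV = previous packet's last block
        iv = os.urandom(BLOCK)
        explicit.append(iv + cbc_encrypt(key, iv, p))  # IV travels in the packet
    ok_c, ok_e, prev = [], [], iv0
    for n in delivered:  # receiver side, in arrival order
        ok_c.append(cbc_decrypt(key, prev, chained[n]) == pkts[n])
        prev = chained[n][-BLOCK:]
        ok_e.append(cbc_decrypt(key, explicit[n][:BLOCK], explicit[n][BLOCK:]) == pkts[n])
    return ok_c, ok_e
```

`simulate([0, 2])` models packet 1 being dropped and `simulate([1, 0, 2])` models reordering; each returned list holds one flag per arriving packet saying whether it decrypted to the original payload.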




