
Re: I-D ACTION:draft-ietf-ipsec-skipjack-cbc-00.txt



In message <199905251943.PAA16111@dcl.MIT.EDU>, "Theodore Y. Ts'o" writes:
>
>draft-ietf-ipsec-skipjack-cbc-00.txt
>
>Scott, Sandra,
>

>Secondly, there's a much more serious technical problem with your draft,
>in that by using an implicit IV and a sequence number, it looks like
>you're assuming that IV is chained across packets.  If that is the case,
>it has a significant problem in that you force the IPSEC engine to
>handle reordering, and even worse, it has no way to recover from a
>dropped packet.

Actually, no -- given CBC's properties, a dropped packet implies that the
following packet will not be decryptable; however, the last block of its 
ciphertext can still be used as the IV for the next packet.  You thus square 
the effective packet loss probability.  Reordering is still a significant 
hassle for the receiver, however.
>
>I suggest you rethink your decision to use an implicit IV.
>

Agreed.
>						- Ted
>
>
>
>
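The packet-loss behaviour discussed in this message, as an added example that is not part of the original e-mail or of the draft: CBC with the IV taken implicitly from the last ciphertext block of the previous packet, with one packet dropped in transit. A toy 64-bit Feistel cipher built on SHA-256 stands in for Skipjack, and the function names, key and payloads are all constructed for illustration.

```python
import hashlib

BLOCK = 8  # 64-bit block, the same block size as Skipjack

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the toy Feistel cipher (a stand-in, NOT Skipjack).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def block(key, blk, decrypt=False):
    # 8-round Feistel network; decryption swaps halves and reverses the rounds.
    l, r = (blk[4:], blk[:4]) if decrypt else (blk[:4], blk[4:])
    for rnd in (range(7, -1, -1) if decrypt else range(8)):
        l, r = r, _xor(l, _f(key, rnd, r))
    return r + l if decrypt else l + r

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return out

def run(payloads, lost, key=b"constructed key", iv=bytes(BLOCK)):
    # Send payloads with chained implicit IVs; indexes in `lost` never arrive.
    wire, send_iv = [], iv
    for p in payloads:
        wire.append(cbc_encrypt(key, send_iv, p))
        send_iv = wire[-1][-BLOCK:]      # next IV = last ciphertext block
    got, recv_iv = [], iv
    for n, ct in enumerate(wire):
        if n in lost:
            got.append(None)             # receiver's IV is now stale
            continue
        got.append(cbc_decrypt(key, recv_iv, ct))
        recv_iv = ct[-BLOCK:]            # receiver resynchronises here
    return got

# Constructed sample traffic: four 16-byte payloads, packet 1 dropped.
PAYLOADS = [f"packet-{i} payload".encode() for i in range(4)]
RESULT = run(PAYLOADS, lost={1})
```

With packet 1 lost, packet 2 is decrypted against a stale IV and its first block comes out wrong, while packet 3 decrypts correctly because its IV arrived as the tail of packet 2.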



