
Re: I-D ACTION:draft-ietf-ipsec-skipjack-cbc-00.txt



The Rogaway example illustrates what is meant
by the requirement that the IV be "unpredictable" —
the requirement isn't that it is uncomputable, it
is that it is not correlated with the plaintext.
Anything that generates a good pseudorandom sequence
is acceptable as an IV.  And any good cipher does
this.

It seems silly to object to using the last cipher block
as an IV on cryptographic grounds; after all, in CBC,
every cipher block is an IV for the next.

I don't like the requirement that the last ciphertext
in a packet be the IV for the next on less esoteric
grounds.  First, it's unnecessary and thus shouldn't
be an implementation requirement, and second, it suggests
that you can take advantage of it and do oddball things
like implicit IVs or use it as a checksum or a sequencing
mechanism for reliability.

Hilarie
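To make the chaining the draft requires concrete, here is an added example (not code from the draft or from anyone in this thread) that CBC-encrypts successive packets with each packet's IV taken from the previous packet's last ciphertext block. The block cipher is a toy SHA-256 Feistel stand-in, an assumption made so the code runs on the standard library alone (it is not Skipjack); the key, initial IV and packet contents are constructed sample values.

```python
import hashlib

BLOCK = 16  # the toy cipher below works on 16-byte blocks

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key, half, rnd):
    # keyed round function for the toy Feistel network (8-byte output)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def toy_encrypt_block(key, block):
    # 4-round Feistel network: a stand-in for a real block cipher, NOT Skipjack
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round_fn(key, r, rnd))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, l, rnd)), l
    return l + r

def cbc_encrypt(key, iv, plaintext):
    assert len(plaintext) % BLOCK == 0, "example uses whole blocks, no padding"
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, cur), prev))
        prev = cur
    return b"".join(out)

def encrypt_packets_chained(key, iv0, packets):
    """Draft-style chaining: only the first packet uses iv0; every later
    packet's IV is the last ciphertext block of the packet before it."""
    out, iv = [], iv0
    for p in packets:
        ct = cbc_encrypt(key, iv, p)
        out.append(ct)
        # the next IV is already on the wire before the next plaintext is chosen
        iv = ct[-BLOCK:]
    return out
```

Chaining this way yields byte-for-byte the ciphertext of one continuous CBC stream over the concatenated packets, which is the sense in which every cipher block is an IV for the next; it also means a lost packet garbles only the first block of the packet after it, since CBC resynchronises after one block.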