
Use OTP in IPSEC?



This is just one of my random ideas that float in the background, and
I just decided to sound it off on this list...

I think there might be some special cases where even use of OTP (One
time pad) might be usable with IPSEC.

Possible technical definition: Within ESP, each packet would, instead
of an IV, use a 64-bit offset to OTP that is somehow known to both ends
(with the usual problems of keeping the OTP secret etc.)

	A server that provides some highly sensitive, but short,
	information as a response to queries could use this
	method. [This almost implicitly requires the ability to
	negotiate asymmetric associations (currently only possible
	with manual configuring)]

	Server ----> IPSEC(OTP) ------> clients
	       <---- other protection

	[can't have multiple senders use the same OTP, as it would be
	hard to prevent the same pad segment being used twice].


OTP might be useful also in the key exchange of the key management, if
one is suspicious about the public key algorithms.
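
A minimal sketch of the offset scheme described in the message above, added here as an illustration and not part of the original post or of any ESP transform: a single sender prefixes each payload with the 64-bit pad offset and never reuses a segment, and the last function shows why two senders sharing one pad leak the XOR of their plaintexts. All class and function names and the packet layout are hypothetical.

```python
import struct

OFFSET_LEN = 8  # 64-bit pad offset, carried where the ESP IV would go


class PadSender:
    """The one sender for a pad; it never hands out a pad byte twice."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.next_offset = 0  # must survive restarts in a real deployment

    def seal(self, plaintext: bytes) -> bytes:
        end = self.next_offset + len(plaintext)
        if end > len(self.pad):
            raise RuntimeError("pad exhausted")
        segment = self.pad[self.next_offset:end]
        header = struct.pack("!Q", self.next_offset)
        self.next_offset = end  # consume the segment before the packet leaves
        return header + xor(plaintext, segment)


class PadReceiver:
    """Holds the same pad; refuses offsets that overlap pad already seen."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.high_water = 0  # simplification: reordered packets are dropped

    def open(self, packet: bytes) -> bytes:
        if len(packet) < OFFSET_LEN:
            raise ValueError("packet too short")
        (offset,) = struct.unpack("!Q", packet[:OFFSET_LEN])
        body = packet[OFFSET_LEN:]
        if offset < self.high_water or offset + len(body) > len(self.pad):
            raise ValueError("pad offset reused or out of range")
        self.high_water = offset + len(body)
        return xor(body, self.pad[offset:offset + len(body)])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def two_senders_leak(pad: bytes) -> bool:
    """Two senders sharing one pad both start at offset 0 (constructed data)."""
    m1, m2 = b"reply: 1000", b"reply: 9999"
    c1 = PadSender(pad).seal(m1)[OFFSET_LEN:]
    c2 = PadSender(pad).seal(m2)[OFFSET_LEN:]
    return xor(c1, c2) == xor(m1, m2)  # pad cancels out of c1 XOR c2
```

The XOR alone gives no integrity protection, so the offset header and payload would still need the authentication that ESP provides separately.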

