
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



> From: Helger Lipmaa [mailto:helger@cyber.ee]
> Sent: 03 March 2000 22:06
> To: Paul Koning
> Cc: kent@bbn.com; ipsec@lists.tislabs.com
> Subject: RE: Q: Why IPSEC to be used only in CBC mode & not other like
> CFB or OFB ?
> 
> The problem with sequence number concatenated with packet number used as
> counters is that some counter space would be lost: e.g. if sequence
> numbers are 32-bit numbers and packets are not longer than 2^16 blocks
> (where a block could be 8, 16 or 32 bytes) in length, there would be no
> more than 2^48 different counters. Of course, that is still better than
> the security of 2^32 offered by the CBC mode. And in this case more than
> 2^48 encrypted blocks should not be sent anyways (otherwise ESP counter
> would zero again).

This isn't really a problem - sequence numbers are forbidden to repeat
already, as they're used to defend against replay attacks.

Due to the nature of IP (loss, duplication, re-ordering of datagrams) the
receiver needs to be able to determine the IV independently of any other
datagrams received.  An explicit IV provides this, so does a suitable
multiple of the sequence number.

It does reinforce the advantages of authentication in ESP.  I don't know if
I've come to the point of assuming ESP authentication is pretty much
essential through this group or through discussions with customers, but what
do others think?

Chris
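
The counter construction discussed in this message, as an added example that is not part of the original e-mail or of any IPsec implementation: a 32-bit sequence number concatenated with a 16-bit block index gives a 48-bit counter, and the receiver rebuilds the keystream for each datagram from its own sequence number alone, so loss and reordering do not matter. Assumptions: HMAC-SHA256 stands in for the block cipher, the 16-byte block size is one of the sizes the quoted text mentions, and all names and the key are constructed for illustration.

```python
import hashlib
import hmac
import struct

BLOCK = 16            # bytes per keystream block (assumed size)
MAX_BLOCKS = 1 << 16  # per-packet block limit from the quoted message

def counter(seq: int, blk: int) -> bytes:
    """48-bit counter: 32-bit sequence number || 16-bit block index."""
    if not 0 <= seq < 1 << 32 or not 0 <= blk < MAX_BLOCKS:
        raise ValueError("counter component out of range")
    return struct.pack(">IH", seq, blk)

def keystream_block(key: bytes, seq: int, blk: int) -> bytes:
    # Stand-in PRF (assumption): a real design would encrypt the counter with a block cipher.
    return hmac.new(key, counter(seq, blk), hashlib.sha256).digest()[:BLOCK]

def xcrypt(key: bytes, seq: int, data: bytes) -> bytes:
    """Encrypt or decrypt one datagram; depends only on (key, seq), not on other datagrams."""
    out = bytearray()
    for blk in range((len(data) + BLOCK - 1) // BLOCK):
        ks = keystream_block(key, seq, blk)
        chunk = data[blk * BLOCK:(blk + 1) * BLOCK]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 1  # constructed starting value

    def seal(self, payload: bytes):
        # A repeated sequence number would repeat keystream, so stop before wrapping.
        if self.next_seq >= 1 << 32:
            raise OverflowError("sequence space exhausted; rekey before sending more")
        seq = self.next_seq
        self.next_seq += 1
        return seq, xcrypt(self.key, seq, payload)

def demo():
    key = b"constructed-demo-key"
    s = Sender(key)
    msgs = (b"first datagram", b"second datagram, longer than one block", b"third")
    packets = [s.seal(m) for m in msgs]
    arrived = [packets[2], packets[0]]  # simulate one loss and a reordering
    return [xcrypt(key, seq, ct) for seq, ct in arrived]
```

The keystream is XORed in without any integrity check, so flipped ciphertext bits flip the same plaintext bits undetected, which is the case for ESP authentication that the message raises.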

