
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



>>>>> "Chris" == Chris Trobridge <CTrobridge@baltimore.com> writes:

 Chris> It does reinforce the advantages of authentication in ESP.  I
 Chris> don't know if I've come to the point of assuming ESP
 Chris> authentication is pretty much essential through this group or
 Chris> through discussions with customers, but what do others think?

I've been convinced by Steve Bellovin's papers that it is essential.
Unfortunately, we're not currently allowed to reject ESP with null
authentication.  As far as I'm concerned, that's a bug, but
unfortunately some feel differently.  We're definitely telling people
in documentation not to skip authentication.

Both in software and hardware, there is no performance justification
for omitting authentication.

	paul

