
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



>>>>> "Bob" == Bob Doud <bdoud@ire-ma.com> writes:

 Bob> Of course, one argument for ESP, Null Auth is when you are
 Bob> bundling it with AH.  That way, you pick up the authentication
 Bob> of the outer IP header, without duplicating the ICV's twice.

Yes, but AH is so much more trouble than ESP authentication.
In particular, it takes two passes to use AH if you also use
compression (IPCOMP).

Also, right now it is permitted to have just ESP (no AH) and yet no
authentication.  I can see no reason why that should continue.

	paul

