
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



Paul,

I guess we must simply disagree.  I too hate to see shortsighted 
tradeoffs, but the world is full of them, and our standards 
environment has many examples.  I might agree that the extra 
bandwidth devoted to the integrity is not too awful, and I agree that 
suitable hardware can parallel process the authentication data and 
not make it a bottleneck.  However, the Internet (and the IETF) has a 
long history of favoring software over hardware when it comes to 
these tradeoffs, and I'm not in favor of making IPsec the exception 
in this instance.  Also, I see very little evidence that the optional 
use of the authentication feature of ESP adds significant complexity 
to the protocol, since many (most?) folks agree that having an 
authentication-only mode for ESP is a good idea.

Steve

