[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Simplifying IKE

To: "'Henry Spencer'" <henry@spsystems.net>, "'Andrew Krywaniuk'" <andrew.krywaniuk@alcatel.com>
Subject: RE: Simplifying IKE
From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
Date: Tue, 14 Aug 2001 19:09:59 +0100
Cc: <ipsec@lists.tislabs.com>
Importance: Normal
In-reply-to: <Pine.BSI.3.91.1010814110400.3877C-100000@spsystems.net>
Reply-To: <andrew.krywaniuk@alcatel.com>
Sender: owner-ipsec@lists.tislabs.com

> That's incorrect; "traffic analysis" is an idiom with a
> specific meaning
> in the cryptography world.

Alas, it is no longer possible to speak plain English in this technocratic
world :-)

> If the encryption scheme is vulnerable to chosen-plaintext
> attacks, it is
> already too weak to be used for protecting important data.
> Well-chosen
> encryption schemes are not vulnerable to (practical) chosen-plaintext
> attacks, and so this argument falls apart in real life.

I don't disagree with this. If you remember, this topic arose from a
previous discussion in which I was questioning the importance of having
separate SAs (i.e. keys) to protect different flows.

I merely mentioned what I felt to be the best counter-argument in order to
balance out the discussion somewhat. I agree with Scott that this attack is
certainly feasible in many environments, but we think/hope that modern
ciphers are strong enough to resist adaptive chosen plaintext attacks.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.

References:

RE: Simplifying IKE

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: having and eating cake? agressive mode with identity hiding
Next by Date: deconstructing "simplify"
Prev by thread: RE: Simplifying IKE
Next by thread: Re: Simplifying IKE
Index(es):
- Main
- Thread