
RE: Stream Ciphers in ESP- IPsec Stack?



Lokesh,
 
If you must use a stream cipher, perhaps you should consider a stream cipher like SEAL or a block cipher in counter mode rather than RC4. RC4 does not have the random access property--i.e., the packet can't simply carry some marker to tell the receiver where to efficiently resume the cipher in case packets are lost or arrive out of order--so for practical purposes its key schedule has to be restarted on every packet. This causes all sorts of trouble you'd really rather not deal with. RC4 is a good choice if you have a reliable medium, but seems problematic for datagram environments. I would never use it in IPsec.
 
-- Jesse
-----Original Message-----
From: lokesh [mailto:lokeshnb@intotoinc.com]
Sent: Wednesday, August 29, 2001 11:26 PM
To: ipsec@lists.tislabs.com
Subject: Stream Ciphers in ESP- IPsec Stack?

Hi all,
 
Is there any latest document/information regarding the use of
stream ciphers like ARC-4 or RC4 in ESP of an IPsec/firewall stack?
People seem to call ESP using stream ciphers SC/ESP.
In that case, is there going to be a change in the ESP packet format or packet processing?
I happened to refer to some internet drafts like
<draft-caronni-esp--stream-01.txt> and <draft-mcgrew-ipsec-scesp-02.txt>. The second draft proposes no change in the ESP packet format but gives no idea about how to handle packets which come out of order and how to provide anti-replay service, while the former does give implementation details of the anti-replay service, but there is a change in the ESP packet format as there is no pad length field present.
I'm looking for a complete document which addresses all these implementation details. Is there one?
Are there any products which have implemented stream ciphers like ARC4 or RC4 in an IPsec stack?
If so, can you give details thereof?
 
Help in this regard is highly appreciated.
Thanks
Lokesh
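
The random access property discussed in the reply above, as an added example that is not part of the original thread: it encrypts four constructed packets, delivers them reordered with one lost, and compares a counter-style keystream keyed by each packet's sequence number with RC4 run as one continuous stream. Assumptions: HMAC-SHA256 stands in for the block cipher in counter mode, the 4-byte per-packet `seq` and all function names are hypothetical, and this is not the ESP packet format.

```python
import hashlib
import hmac

BLOCK = 32  # keystream bytes per counter value (SHA-256 output size)

def ctr_keystream(key, seq, length):
    """Seekable keystream: PRF(key, seq || block index), an HMAC stand-in for a block cipher."""
    blocks = (length + BLOCK - 1) // BLOCK
    return b"".join(hmac.new(key, seq.to_bytes(4, "big") + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(blocks))[:length]

def ctr_crypt(key, seq, data):
    """Encrypt or decrypt one packet using only the key and the packet's own seq."""
    return bytes(a ^ b for a, b in zip(data, ctr_keystream(key, seq, len(data))))

class RC4:
    """RC4 run as one continuous keystream across packets (stateful, not seekable)."""
    def __init__(self, key):
        self.s, j = list(range(256)), 0
        for i in range(256):
            j = (j + self.s[i] + key[i % len(key)]) % 256
            self.s[i], self.s[j] = self.s[j], self.s[i]
        self.i = self.j = 0

    def crypt(self, data):
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) % 256
            self.j = (self.j + s[self.i]) % 256
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) % 256])
        return bytes(out)

def demo():
    """Return per-packet decrypt success for (counter mode, continuous RC4)."""
    key = b"constructed-demo-key"
    plain = [b"packet-%d payload" % n for n in range(4)]  # constructed sample packets
    order = [2, 0, 3]                                      # reordered; packet 1 is lost
    ctr_wire = [ctr_crypt(key, n, p) for n, p in enumerate(plain)]
    ctr_ok = [ctr_crypt(key, n, ctr_wire[n]) == plain[n] for n in order]
    tx, rx = RC4(key), RC4(key)
    rc4_wire = [tx.crypt(p) for p in plain]
    rc4_ok = [rx.crypt(rc4_wire[n]) == plain[n] for n in order]
    return ctr_ok, rc4_ok

if __name__ == "__main__":
    print(demo())
```

The receiver's RC4 state falls out of step with the sender's as soon as a packet is lost or reordered, which is why a per-packet restart of the key schedule becomes necessary in a datagram setting.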