
Re: Stream Ciphers in ESP- IPsec Stack?



Using stream ciphers in ESP is just dangerous.  There are too many
ways to just get it wrong.  Look at the problems it caused in 802.11's
WEP for a clear example of how you should not do it.

-derek

"lokesh" <lokeshnb@intotoinc.com> writes:

> Hi all,
> 
> Is there any latest document/information regarding use of
> stream ciphers like ARC-4 or RC4 in ESP of IPsec/Firewall Stack?
> People seem to call ESP using stream ciphers SC/ESP.
> In that case, is there going to be a change in ESP packet format or
> packet processing?
> I happened to refer to some Internet drafts like
> <draft-caronni-esp--stream-01.txt> and <draft-mcgrew-ipsec-scesp-02.txt>.
> The second draft proposes no change in ESP packet format but gives no idea
> about how to handle packets which come out of order and how to provide
> Anti-Replay-Service, while the former does give implementation details of
> Antireplay service but there is a change in ESP packet format as there
> is no pad length field present.
> I'm looking for a complete document which addresses all these
> implementation details, is there one?
> Are there any products which have implemented stream ciphers like ARC4
> or RC4 in IPsec stack?
> If so, can you give details thereof?
> 
> help in this regard is highly appreciated.
> thanks
> Lokesh

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
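
An added illustration of the point in the reply above (not code from the thread, its authors, or either Internet-Draft): restarting RC4 with the same key for every packet makes the XOR of two ciphertexts equal the XOR of their plaintexts, the keystream-reuse problem seen in WEP, while a per-packet key bound to the ESP sequence number lets packets decrypt out of order without repeating a keystream. The HMAC-SHA256 derivation, the `Sender` class and the sample key and payloads are assumptions made for this example.

```python
import hashlib
import hmac

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key schedule, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def packet_key(sa_key: bytes, seq: int) -> bytes:
    """Assumed derivation (not from either draft): HMAC-SHA256(SA key, seq)."""
    return hmac.new(sa_key, seq.to_bytes(4, "big"), hashlib.sha256).digest()

class Sender:
    """Numbers packets from 1 and refuses to wrap, so no packet key repeats."""
    def __init__(self, sa_key: bytes):
        self.sa_key, self.seq = sa_key, 0
    def seal(self, payload: bytes):
        if self.seq >= 0xFFFFFFFF:
            raise OverflowError("sequence space exhausted: rekey the SA")
        self.seq += 1
        return self.seq, rc4(packet_key(self.sa_key, self.seq), payload)

SA_KEY = b"constructed-demo-key"  # constructed sample values, not from the thread
P1, P2 = b"payload of packet one", b"payload of packet two"

def restarted_keystream_leaks() -> bool:
    """Same key restarted for each packet: c1 XOR c2 == p1 XOR p2."""
    return xor(rc4(SA_KEY, P1), rc4(SA_KEY, P2)) == xor(P1, P2)

def per_packet_key_results():
    """Returns (decrypts when delivered out of order, ciphertext XOR still leaks)."""
    sender = Sender(SA_KEY)
    (n1, c1), (n2, c2) = sender.seal(P1), sender.seal(P2)
    second_first = rc4(packet_key(SA_KEY, n2), c2) == P2  # packet 2 arrives first
    then_first = rc4(packet_key(SA_KEY, n1), c1) == P1
    return second_first and then_first, xor(c1, c2) == xor(P1, P2)
```

The sketch covers confidentiality only; it leaves out ESP authentication and the receiver's anti-replay window.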

