[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Stream Ciphers in ESP- IPsec Stack?
Last I checked, "disk i/o drivers" is not ESP. Note that I
specifically said "using stream ciphers in ESP." I would hope that
this statement would clearly limit my intent to IPsec, not other
potential uses of stream ciphers, no?
I would appreciate it if you could refrain from putting words in my
mouth or trying to expand the meaning of my words beyond what I
actually said. I have nothing against stream ciphers, but I would
prefer they be used only in tasks for which their benefits (and
drawbacks) match the engineering problem at hand.
Thanks,
-derek
Alex Alten <Alten@Home.Com> writes:
> That's not true. Just because the WEP implementation was wrong
> doesn't mean a stream cipher is too dangerous. Depending on the
> design stream ciphers can fit nicely into implementations of
> protocols or disk i/o drivers. However, I would not use RC4
> (aka ARC4), I've heard that its key setup machinery is broken.
>
> - Alex
>
> At 09:52 AM 8/30/2001 -0400, Derek Atkins wrote:
> >Using stream ciphers in ESP is just dangerous. There are too many
> >ways to just get it wrong. Look at the problems it caused in 802.11's
> >WEP for a clear example how you should not do it.
> >
> >-derek
> >
> >"lokesh" <lokeshnb@intotoinc.com> writes:
> >
> >> Hi all,
> >>
> >> Is there any latest document/information regarding use of=20
> >> Stream ciphers like ARC-4 or RC4 in ESP of IPsec/Firewall Stack?.
> >> people seem to call ESP using Stream ciphers as SC/ESP.
> >> in that case, is there going to be change in ESP packet format or =
> >> packet processing ?=20
> >> I happen to refer some internet drafts like=20
> >> <draft-caronni-esp--stream-01.txt> and <draft-mcgrew-ipsec-scesp-02.txt> =
> >> second draft proposes no change in ESP packet format but gives no idea =
> >> about how to handle packets which come out of order and how to provide =
> >> Anti-Replay-Service, while former does give implementation details of =
> >> Antireplay service but there is a change in ESP packet format as there =
> >> is no pad length field present.
> >> I'm looking for a complete document which addresses all these =
> >> implementation details, is there one?
> >> Are there any products which have implemented stream ciphers like ARC4 =
> >> or RC4 in IPsec stack?=20
> >> if so, can you give details there of ?
> >>
> >> help in this regard is highly appreciated.
> >> thanks
> >> Lokesh
> >>
> >>
> >>
> >> ------=_NextPart_000_006C_01C1314A.CC8B32A0
> >> Content-Type: text/html;
> >> charset="Windows-1252"
> >> Content-Transfer-Encoding: quoted-printable
> >>
> >> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> >> <HTML><HEAD>
> >> <META content=3D"text/html; charset=3Dwindows-1252" =
> >> http-equiv=3DContent-Type>
> >> <META content=3D"MSHTML 5.00.2919.6307" name=3DGENERATOR>
> >> <STYLE></STYLE>
> >> </HEAD>
> >> <BODY bgColor=3D#ffffff>
> >> <DIV><FONT face=3DArial size=3D2>Hi all,</FONT></DIV>
> >> <DIV> </DIV>
> >> <DIV><FONT face=3DArial size=3D2>Is there any latest =
> >> document/information regarding=20
> >> use of </FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>Stream ciphers like ARC-4 or RC4 in ESP =
> >> of=20
> >> IPsec/Firewall Stack?.</FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>people seem to call ESP using Stream =
> >> ciphers as=20
> >> SC/ESP.</FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>in that case, is there going to =
> >> be change in=20
> >> ESP packet format or packet processing ? </FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>I happen to refer some internet drafts =
> >> like=20
> >> </FONT></DIV>
> >> <DIV><FONT face=3DArial =
> >> size=3D2><draft-caronni-esp--stream-01.txt> and=20
> >> <draft-mcgrew-ipsec-scesp-02.txt> second draft proposes =
> >> no=20
> >> change in ESP packet format but gives no idea about how to handle =
> >> packets which=20
> >> come out of order and how to provide Anti-Replay-Service, while former =
> >> does give=20
> >> implementation details of Antireplay service but there is a change in =
> >> ESP packet=20
> >> format as there is no pad length field present.</FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>I'm looking for a complete document =
> >> which addresses=20
> >> all these implementation details, is there one?</FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>Are there any products which have =
> >> implemented=20
> >> stream ciphers like ARC4 or RC4 in IPsec stack? </FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>if so, can you give details there of =
> >> ?</FONT></DIV>
> >> <DIV> </DIV>
> >> <DIV><FONT face=3DArial size=3D2>help in this regard is highly=20
> >> appreciated.</FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>thanks</FONT></DIV>
> >> <DIV><FONT face=3DArial size=3D2>Lokesh</FONT></DIV>
> >> <DIV> </DIV>
> >> <DIV> </DIV></BODY></HTML>
> >>
> >> ------=_NextPart_000_006C_01C1314A.CC8B32A0--
> >>
> >
> >--
> > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > Member, MIT Student Information Processing Board (SIPB)
> > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > warlord@MIT.EDU PGP key available
> >
> --
>
> Alex Alten
>
> Alten@Home.Com
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
References: