[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Stream Ciphers in ESP- IPsec Stack?
Derek,
Derek Atkins wrote:
>
> Using stream ciphers in ESP is just dangerous. There are too many
> ways to just get it wrong. Look at the problems it caused in 802.11's
> WEP for a clear example how you should not do it.
draft-mcgrew-ipsec-scesp-02.txt describes how to do it right, and also
references some suitable keystream generators. Are you aware of any
problems in that spec? If so, I would be grateful if you would pass
them on.
thanks,
David
>
> -derek
>
> "lokesh" <lokeshnb@intotoinc.com> writes:
>
> > Hi all,
> >
> > Is there any latest document/information regarding use of=20
> > Stream ciphers like ARC-4 or RC4 in ESP of IPsec/Firewall Stack?.
> > people seem to call ESP using Stream ciphers as SC/ESP.
> > in that case, is there going to be change in ESP packet format or =
> > packet processing ?=20
> > I happen to refer some internet drafts like=20
> > <draft-caronni-esp--stream-01.txt> and <draft-mcgrew-ipsec-scesp-02.txt> =
> > second draft proposes no change in ESP packet format but gives no idea =
> > about how to handle packets which come out of order and how to provide =
> > Anti-Replay-Service, while former does give implementation details of =
> > Antireplay service but there is a change in ESP packet format as there =
> > is no pad length field present.
> > I'm looking for a complete document which addresses all these =
> > implementation details, is there one?
> > Are there any products which have implemented stream ciphers like ARC4 =
> > or RC4 in IPsec stack?=20
> > if so, can you give details there of ?
> >
> > help in this regard is highly appreciated.
> > thanks
> > Lokesh
> >
> >
> >
> > ------=_NextPart_000_006C_01C1314A.CC8B32A0
> > Content-Type: text/html;
> > charset="Windows-1252"
> > Content-Transfer-Encoding: quoted-printable
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> > <HTML><HEAD>
> > <META content=3D"text/html; charset=3Dwindows-1252" =
> > http-equiv=3DContent-Type>
> > <META content=3D"MSHTML 5.00.2919.6307" name=3DGENERATOR>
> > <STYLE></STYLE>
> > </HEAD>
> > <BODY bgColor=3D#ffffff>
> > <DIV><FONT face=3DArial size=3D2>Hi all,</FONT></DIV>
> > <DIV> </DIV>
> > <DIV><FONT face=3DArial size=3D2>Is there any latest =
> > document/information regarding=20
> > use of </FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>Stream ciphers like ARC-4 or RC4 in ESP =
> > of=20
> > IPsec/Firewall Stack?.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>people seem to call ESP using Stream =
> > ciphers as=20
> > SC/ESP.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>in that case, is there going to =
> > be change in=20
> > ESP packet format or packet processing ? </FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>I happen to refer some internet drafts =
> > like=20
> > </FONT></DIV>
> > <DIV><FONT face=3DArial =
> > size=3D2><draft-caronni-esp--stream-01.txt> and=20
> > <draft-mcgrew-ipsec-scesp-02.txt> second draft proposes =
> > no=20
> > change in ESP packet format but gives no idea about how to handle =
> > packets which=20
> > come out of order and how to provide Anti-Replay-Service, while former =
> > does give=20
> > implementation details of Antireplay service but there is a change in =
> > ESP packet=20
> > format as there is no pad length field present.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>I'm looking for a complete document =
> > which addresses=20
> > all these implementation details, is there one?</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>Are there any products which have =
> > implemented=20
> > stream ciphers like ARC4 or RC4 in IPsec stack? </FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>if so, can you give details there of =
> > ?</FONT></DIV>
> > <DIV> </DIV>
> > <DIV><FONT face=3DArial size=3D2>help in this regard is highly=20
> > appreciated.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>thanks</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>Lokesh</FONT></DIV>
> > <DIV> </DIV>
> > <DIV> </DIV></BODY></HTML>
> >
> > ------=_NextPart_000_006C_01C1314A.CC8B32A0--
> >
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
References: