[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stream Ciphers in ESP- IPsec Stack?

To: Derek Atkins <warlord@mit.edu>
Subject: Re: Stream Ciphers in ESP- IPsec Stack?
From: "David A. McGrew" <mcgrew@cisco.com>
Date: Fri, 31 Aug 2001 07:38:16 -0700
CC: lokesh <lokeshnb@intotoinc.com>, ipsec@lists.tislabs.com
Organization: Cisco Systems
References: <006f01c1311c$b4b09040$ae0510ac@roc.com> <sjmsne9vemm.fsf@rcn.ihtfp.org>
Reply-To: @cisco.com
Sender: owner-ipsec@lists.tislabs.com

Derek,

Derek Atkins wrote:
> 
> Using stream ciphers in ESP is just dangerous.  There are too many
> ways to just get it wrong.  Look at the problems it caused in 802.11's
> WEP for a clear example how you should not do it.

draft-mcgrew-ipsec-scesp-02.txt describes how to do it right, and also
references some suitable keystream generators.  Are you aware of any
problems in that spec?  If so, I would be grateful if you would pass
them on.

thanks,

David

> 
> -derek
> 
> "lokesh" <lokeshnb@intotoinc.com> writes:
> 
> > Hi all,
> >
> > Is there any latest document/information regarding use of=20
> > Stream ciphers like ARC-4 or RC4 in ESP of IPsec/Firewall Stack?.
> > people seem to call ESP using Stream ciphers as SC/ESP.
> > in that case, is  there going to be change in ESP packet format or =
> > packet processing ?=20
> > I happen to refer some internet drafts like=20
> > <draft-caronni-esp--stream-01.txt> and <draft-mcgrew-ipsec-scesp-02.txt> =
> >  second draft proposes no change in ESP packet format but gives no idea =
> > about how to handle packets which come out of order and how to provide =
> > Anti-Replay-Service, while former does give implementation details of =
> > Antireplay service but there is a change in ESP packet format as there =
> > is no pad length field present.
> > I'm looking for a complete document which addresses all these =
> > implementation details, is there one?
> > Are there any products which have implemented stream ciphers like ARC4 =
> > or RC4 in IPsec stack?=20
> > if so, can you give details there of ?
> >
> > help in this regard is highly appreciated.
> > thanks
> > Lokesh
> >
> >
> >
> > ------=_NextPart_000_006C_01C1314A.CC8B32A0
> > Content-Type: text/html;
> >       charset="Windows-1252"
> > Content-Transfer-Encoding: quoted-printable
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> > <HTML><HEAD>
> > <META content=3D"text/html; charset=3Dwindows-1252" =
> > http-equiv=3DContent-Type>
> > <META content=3D"MSHTML 5.00.2919.6307" name=3DGENERATOR>
> > <STYLE></STYLE>
> > </HEAD>
> > <BODY bgColor=3D#ffffff>
> > <DIV><FONT face=3DArial size=3D2>Hi all,</FONT></DIV>
> > <DIV>&nbsp;</DIV>
> > <DIV><FONT face=3DArial size=3D2>Is there any latest =
> > document/information regarding=20
> > use of </FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>Stream ciphers like ARC-4 or RC4 in ESP =
> > of=20
> > IPsec/Firewall Stack?.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>people seem to call ESP using Stream =
> > ciphers as=20
> > SC/ESP.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>in that case, is&nbsp; there going to =
> > be change in=20
> > ESP packet format or packet processing ? </FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>I happen to refer some internet drafts =
> > like=20
> > </FONT></DIV>
> > <DIV><FONT face=3DArial =
> > size=3D2>&lt;draft-caronni-esp--stream-01.txt&gt; and=20
> > &lt;draft-mcgrew-ipsec-scesp-02.txt&gt;&nbsp;&nbsp;second draft proposes =
> > no=20
> > change in ESP packet format but gives no idea about how to handle =
> > packets which=20
> > come out of order and how to provide Anti-Replay-Service, while former =
> > does give=20
> > implementation details of Antireplay service but there is a change in =
> > ESP packet=20
> > format as there is no pad length field present.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>I'm looking for a complete document =
> > which addresses=20
> > all these implementation details, is there one?</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>Are there any products which have =
> > implemented=20
> > stream ciphers like ARC4 or RC4 in IPsec stack? </FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>if so, can you give details there of =
> > ?</FONT></DIV>
> > <DIV>&nbsp;</DIV>
> > <DIV><FONT face=3DArial size=3D2>help in this regard is highly=20
> > appreciated.</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>thanks</FONT></DIV>
> > <DIV><FONT face=3DArial size=3D2>Lokesh</FONT></DIV>
> > <DIV>&nbsp;</DIV>
> > <DIV>&nbsp;</DIV></BODY></HTML>
> >
> > ------=_NextPart_000_006C_01C1314A.CC8B32A0--
> >
> 
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available

References:

Stream Ciphers in ESP- IPsec Stack?

From: "lokesh" <lokeshnb@intotoinc.com>

Re: Stream Ciphers in ESP- IPsec Stack?

From: Derek Atkins <warlord@mit.edu>

Prev by Date: Re: Stream Ciphers in ESP- IPsec Stack?
Prev by thread: Re: Stream Ciphers in ESP- IPsec Stack?
Next by thread: Re: Stream Ciphers in ESP- IPsec Stack?
Index(es):
- Main
- Thread