
Re: Implicit/Explicit IV



At 3:30 PM +0100 10/12/01, ranjeet barve wrote:
>hi,
>I had a question on the use of Implicit and Explicit
>IV.
>I have come across following Situations in the various
>IPsec Implementations:
>1) Implicit IV is used by generating it at the
>respective peers by use of SEQ_ID, i.e.
>            IV[0-3] = Seq-id;
>            IV[4-7] = ~Seq-id;
>
>2) Explicit IV is used for the first Packet, i.e. IV is
>generated Randomly + all following packets of the same
>Tunnel use Implicit IV as the last 8 bytes of the
>Cipher Text of the earlier Packet.
>
>3) Explicit IV is used for all the Packets of a
>particular Tunnel.
>
>Do Cases 1 and 2 not lead to interoperability issues
>if both ends (Peers) are not using the same IPsec
>Implementation? i.e. How do different IPsec
>Implementations Interop?
>Which is the most standard way to use in the Implicit IV
>case?

Whether an IV is implicit or explicit is defined as part of the RFC 
for the encryption algorithm and mode in question. Thus, when 
negotiating the algorithm/mode, each peer will know how to locate or 
generate the IV.

Case 3 above is clearly the default mode for DES or 3DES CBC. That is 
the primary standard in use today. What RFC(s) define the modes you 
allude to in cases 1 & 2?

Steve
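The three conventions the question describes, worked through as an added example that is not part of this thread or of any IPsec implementation: a Go model of one security association in which each peer locates or derives the CBC IV by its own rule, so a sender and a receiver that assume different rules can be run against each other. It uses 3DES-CBC from the Go standard library, a constructed demo key, and a simplified wire layout (sequence number, optional IV, ciphertext) with no SPI, ESP padding or integrity check; the mode names and the `Peer` and `RoundTrip` functions are the example's own.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// IVMode numbers the three conventions listed in the question.
type IVMode int

const (
	ImplicitSeqIV IVMode = iota // case 1: IV = seq || ~seq, derived by both ends, never sent
	ChainedIV                   // case 2: random IV sent in the first packet, then the previous packet's last ciphertext block
	ExplicitIV                  // case 3: a fresh random IV in front of every packet's ciphertext
)

// Peer holds one side's per-SA state: cipher, IV convention, sequence counter and last ciphertext block seen.
type Peer struct {
	block cipher.Block
	mode  IVMode
	seq   uint32
	last  []byte
}

// ivOnWire reports whether, under this peer's convention, the next packet carries its IV explicitly.
func (p *Peer) ivOnWire() bool { return p.mode == ExplicitIV || (p.mode == ChainedIV && p.last == nil) }

// derivedIV is the implicit IV for the next packet: IV[0-3] = seq, IV[4-7] = ~seq in case 1; the previous
// packet's last ciphertext block in case 2 (nil until one has been seen).
func (p *Peer) derivedIV(seq uint32) []byte {
	if p.mode != ImplicitSeqIV { return p.last }
	iv := make([]byte, des.BlockSize)
	binary.BigEndian.PutUint32(iv[0:4], seq)
	binary.BigEndian.PutUint32(iv[4:8], ^seq)
	return iv
}

// Encrypt returns the wire form: 4-byte sequence number, the IV only if the convention sends it, then the
// ciphertext. ESP padding is left out, so payload must already be a non-empty multiple of des.BlockSize.
func (p *Peer) Encrypt(payload []byte) []byte {
	p.seq++
	wire := make([]byte, 4)
	binary.BigEndian.PutUint32(wire, p.seq)
	iv := p.derivedIV(p.seq)
	if p.ivOnWire() {
		iv = make([]byte, des.BlockSize)
		if _, err := rand.Read(iv); err != nil { panic(err) }
		wire = append(wire, iv...)
	}
	ct := make([]byte, len(payload))
	cipher.NewCBCEncrypter(p.block, iv).CryptBlocks(ct, payload)
	p.last = append([]byte(nil), ct[len(ct)-des.BlockSize:]...)
	return append(wire, ct...)
}

// Decrypt locates or derives the IV by the receiver's OWN convention. Peers that negotiated "3DES-CBC" but
// assume different conventions diverge here; CBC keeps the damage to the first plaintext block, so nothing fails loudly.
func (p *Peer) Decrypt(wire []byte) ([]byte, error) {
	if len(wire) < 4+des.BlockSize { return nil, errors.New("short packet") }
	seq, body := binary.BigEndian.Uint32(wire[:4]), wire[4:]
	iv := p.derivedIV(seq)
	if p.ivOnWire() {
		iv, body = body[:des.BlockSize], body[des.BlockSize:]
	}
	if len(body) == 0 || len(body)%des.BlockSize != 0 { return nil, errors.New("ciphertext not block aligned") }
	pt := make([]byte, len(body))
	cipher.NewCBCDecrypter(p.block, iv).CryptBlocks(pt, body)
	p.last = append([]byte(nil), body[len(body)-des.BlockSize:]...)
	return pt, nil
}

// RoundTrip sends msgs over a fresh SA from a sendMode peer to a recvMode peer and returns how many
// payloads came back byte-for-byte identical.
func RoundTrip(sendMode, recvMode IVMode, msgs [][]byte) int {
	b, err := des.NewTripleDESCipher([]byte("0123456789abcdef01234567")) // constructed 24-byte demo key
	if err != nil { panic(err) }
	snd, rcv, ok := &Peer{block: b, mode: sendMode}, &Peer{block: b, mode: recvMode}, 0
	for _, m := range msgs {
		if got, err := rcv.Decrypt(snd.Encrypt(m)); err == nil && bytes.Equal(got, m) { ok++ }
	}
	return ok
}

func main() {
	// Constructed 16-byte payloads (two 3DES blocks each) standing in for inner IP packets.
	msgs := [][]byte{[]byte("inner packet one"), []byte("inner packet two"), []byte("inner packet 3..")}
	for s := ImplicitSeqIV; s <= ExplicitIV; s++ {
		for r := ImplicitSeqIV; r <= ExplicitIV; r++ {
			fmt.Printf("sender case %d -> receiver case %d: %d/%d recovered\n", s+1, r+1, RoundTrip(s, r, msgs), len(msgs))
		}
	}
}
```

Running it prints a 3x3 matrix in which only matching conventions recover every packet. Because CBC decryption of block i depends only on ciphertext blocks i-1 and i, a mismatch never makes decryption fail: the receiver loses or garbles the first plaintext block and hands the rest up as if nothing happened. That is why the IV convention has to come from the negotiated algorithm's RFC rather than from an implementation's habit, and why the decrypted result has to be covered by an integrity check rather than trusted because it "decrypted cleanly".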

