
RE: CBC makes Implementations too Slow.



At 10:53 AM -0500 11/29/01, Dilkie, Lee wrote:
>I'm not sure if using a packet counter for an IV is bad. It's just 
>that you can't wrap. It's important that the same key/IV combination 
>not get reused. I don't believe that the requirement for a random IV 
>is necessary. The reason I point this out is that the secure RTP 
>spec <draft-ietf-avt-srtp-01.txt> uses an implicit IV (to save on 
>transmitting extra data) which is based on information in the RTP 
>header (and really is just a packet counter under the covers).
>
>Lee Dilkie
>
>Mitel Networks
>350 Legget Drive
>Kanata, ON, Canada
>K2K 2W7


The FIPS that defines CBC mode calls for the IV to be random or 
pseudo random. We explicitly discussed and rejected an implicit IV 
based on a value such as you cite for secure RTP.  I don't know who 
decided that the approach they used was good, but I know what this WG 
has discussed previously and what the relevant crypto standards say.

Steve
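
The property behind the random-IV requirement cited above, as an added example that is not part of the original thread: CBC XORs the IV into the first plaintext block, so a counter IV can cancel a matching difference between two plaintexts and produce identical ciphertext blocks. The Feistel cipher, key and packet contents below are constructed stand-ins (not AES, not taken from the SRTP draft).

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes, same block size as AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher: 4-round Feistel keyed with HMAC-SHA256."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV and plaintext must be block aligned")
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor(prev, plaintext[i:i + BLOCK]))
        out += prev
    return out

def counter_iv(n: int) -> bytes:
    """Implicit IV: the packet counter, zero-padded to one block."""
    return n.to_bytes(BLOCK, "big")

def random_iv(_n: int) -> bytes:
    """Explicit IV: fresh random block per packet."""
    return os.urandom(BLOCK)

# Constructed sample: consecutive packets whose last byte differs by the
# same bit as their counters (6 ^ 7 == ord("0") ^ ord("1") == 1).
KEY = bytes(range(16))
PACKETS = [(6, b"sensor reading=0"), (7, b"sensor reading=1")]

def first_blocks_match(iv_for) -> bool:
    """True if both packets encrypt to the same first ciphertext block."""
    c = [cbc_encrypt(KEY, iv_for(n), pt)[:BLOCK] for n, pt in PACKETS]
    return c[0] == c[1]

if __name__ == "__main__":
    print("counter IV, first blocks equal:", first_blocks_match(counter_iv))
    print("random IV,  first blocks equal:", first_blocks_match(random_iv))
```

No key/IV pair is reused in the counter case; the equal blocks come from the IV being predictable and correlated with the plaintext.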

