
RE: CBC makes Implementations too Slow.



Mark,

Mark Baugher wrote:
> SRTP's implicit IV is for counter mode, not cbc.

Thanks for pointing this out and calling it to my attention.  I'd also like
to point out that the ID

http://search.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt

includes a specification and test vectors for a definition of counter mode
that works for both SRTP and ESP.

David

>
> Mark
> At 02:08 PM 11/29/2001 -0500, Stephen Kent wrote:
> >At 10:53 AM -0500 11/29/01, Dilkie, Lee wrote:
> >>I'm not sure if using a packet counter for an IV is bad. It's just that
> >>you can't wrap. It's important that the same key/IV combination not get
> >>reused. I don't believe that the requirement for a random IV is
> >>necessary. The reason I point this out is that the secure RTP spec
> >><draft-ieft-avt-srtp-01.txt> uses an implicit IV (to save on transmitting
> >>extra data) which is based on information in the RTP header (and really
> >>is just a packet counter under the covers).
> >>
> >>Lee Dilkie
> >>
> >>Mitel Networks
> >>350 Legget Drive
> >>Kanata, ON, Canada
> >>K2K 2W7
> >
> >
> >The FIPS that defines CBC mode calls for the IV to be random or pseudo
> >random. We explicitly discussed and rejected an implicit IV based on a
> >value such as you cite for secure RTP.  I don't know who decided that the
> >approach they used was good, but I know what this WG has discussed
> >previously and what the relevant crypto standards say.
> >
> >Steve
>
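
Added example, not part of the original message or of either draft: a sketch of the "you can't wrap" point for an implicit, counter-derived IV in counter mode. It shows that a wrapped packet counter repeats the keystream, so the XOR of two ciphertexts equals the XOR of the two plaintexts, and that a sender which refuses to wrap avoids this. HMAC-SHA256 stands in for the block cipher, and the names keystream, Sender and demo_wrap, the 4-bit counter and the sample payloads are all constructed for illustration.

```python
import hashlib
import hmac


def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream. HMAC-SHA256 is a stand-in PRF (assumption),
    used so the example runs with the standard library only."""
    out, block = b"", 0
    while len(out) < length:
        msg = counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    """Hypothetical sender whose per-packet IV is implicit: it is the packet
    counter, never transmitted as extra data."""

    def __init__(self, key: bytes, counter_bits: int = 16, allow_wrap: bool = False):
        self.key = key
        self.limit = 1 << counter_bits
        self.sent = 0
        self.allow_wrap = allow_wrap

    def protect(self, payload: bytes):
        # Safe behaviour: stop and rekey once the counter space is used up.
        if self.sent >= self.limit and not self.allow_wrap:
            raise RuntimeError("packet counter exhausted: rekey before sending")
        counter = self.sent % self.limit
        self.sent += 1
        return counter, xor(payload, keystream(self.key, counter, len(payload)))


def demo_wrap():
    """Unsafe configuration: a 4-bit counter that is allowed to wrap."""
    sender = Sender(b"constructed-demo-key", counter_bits=4, allow_wrap=True)
    p_first, p_later = b"first packet..", b"later packet.."
    first = sender.protect(p_first)        # counter 0
    for _ in range(15):                    # counters 1..15
        sender.protect(b"filler")
    later = sender.protect(p_later)        # counter wraps back to 0
    return first, later, p_first, p_later


if __name__ == "__main__":
    (c0, ct0), (c1, ct1), p0, p1 = demo_wrap()
    print("counters:", c0, c1)
    print("ciphertext XOR equals plaintext XOR:", xor(ct0, ct1) == xor(p0, p1))
```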


