
Re: Some comments on JFK




I agree - The encryption algorithm(s) in use should be part of the protocol
specification. (Indeed, stream ciphers such as RC4 are not appropriate.)

BTW, forgot to mention - I agree with your assessment of what goes wrong if
the signature in message 4 in JFK is replaced with a MAC. This is exactly
why it is there.

Ran

> From ekr@rtfm.com Tue Dec  4 00:49:08 2001
> 
> Ran Canetti <canetti@watson.ibm.com> writes:
> > * Regarding different keys for encryption by I and R. This is not really
> > necessary if you're using CBC with random IV, or any "decent" encryption
> > method. (And, yes, ECB mode is not really "decent" in this context.)
> It wouldn't be safe to use RC4, however. IMHO the protocol should either
> state what invariants are being assumed or should be constructed to be
> safe in the face of a weaker set of invariants.
> 
> Cheers,
> -Ekr
> 
> -- 
> [Eric Rescorla                                   ekr@rtfm.com]
>                 http://www.rtfm.com/
> 
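Added illustration, not part of either e-mail: a check showing why a stream cipher such as RC4 is unsafe when I and R encrypt under the same key, and why separate per-direction keys remove the problem. The session key, labels, messages and the HMAC-based key separation are constructed assumptions for this sketch, not JFK's actual key derivation.

```python
import hashlib
import hmac

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: the keystream depends only on the key, never on the data."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def direction_key(session_key: bytes, label: bytes) -> bytes:
    """Hypothetical key separation: one key per direction from one secret."""
    return hmac.new(session_key, label, hashlib.sha256).digest()

def leaks_plaintext_xor(key_i: bytes, key_r: bytes,
                        msg_i: bytes, msg_r: bytes) -> bool:
    """True if XORing the two ciphertexts cancels the keystream,
    exposing msg_i XOR msg_r to anyone who sees both directions."""
    c_i = rc4(key_i, msg_i)   # initiator -> responder
    c_r = rc4(key_r, msg_r)   # responder -> initiator
    return xor(c_i, c_r) == xor(msg_i, msg_r)

# Constructed sample values.
SESSION_KEY = b"constructed-session-key"
MSG_I = b"initiator identity: alice@example"
MSG_R = b"responder identity: bob@example.."

if __name__ == "__main__":
    # Same key in both directions: identical keystream, so the XOR leaks.
    print("shared key leaks:", leaks_plaintext_xor(
        SESSION_KEY, SESSION_KEY, MSG_I, MSG_R))
    # Distinct per-direction keys: keystreams differ, no cancellation.
    print("separate keys leak:", leaks_plaintext_xor(
        direction_key(SESSION_KEY, b"I->R"),
        direction_key(SESSION_KEY, b"R->I"), MSG_I, MSG_R))
```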


