[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt



David:

I want to respond to one point that was raised by your exchange with Steve 
Kent.

<SNIP>

> > Apparently Cisco has
> > chosen to offer only low assurance IPsec products, e.g,. FIPS level 2
> > at most, so the security perimeter is very large and thus the
> > sequence number can be maintained within that boundary. But, to
> > impose this assurance-limiting architecture on vendors who might wish
> > to offer higher security implementations is inappropriate.
>
>What ESP implementations don't maintain the sequence number within the
>security perimeter?   I am not aware of any.  If you are, please let us
>know.

<SNIP>

The consequences for reusing a sequence number are significantly different 
than the consequence of reusing a CTR mode key stream.  Therefore, I think 
that it is worth a few extra bits of overhead to make sure that the 
per-packet value is managed inside the security boundary.

Russ