[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Son of Ike status

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: RE: Son of Ike status
From: Charlie_Kaufman@notesdev.ibm.com
Date: Wed, 21 Aug 2002 19:46:43 -0400
Cc: ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com
In-Reply-To: <p05111a1db989a2b1c4a9@[165.227.249.20]>
Sender: owner-ipsec@lists.tislabs.com






> >My plan was to say that messages could be half-encrypted/half-plaintext
> >where the first half would always be plaintext and the second half
> >encrypted and integrity protected. The encryption syntax would be the
same
> >as before but would start not immediately after the header but rather
> >at the beginning of a particular playload type - that payload being
> >whatever
> >happened to appear first in the part of the message we wanted to
encrypt.
>
> An alternative is to have a payload called something like "Encrypted
> stuff" that contains other payloads. Recursion of this payload would
> be unneeded and should be prohibited.

I considered that, but judged it to be marginally more complicated.
Its advantage and its disadvantage is that it invites having more
than one encrypted block and having unencrypted information before
and after the encrypted information. It seemed like flexibility that we
didn't need but that people would have to code for.

> >I was planning to say that only message 3 in the exchange could be so
> >encoded... other messages had to be all cleartext or all plain.
>
> An advantage of having messages 3 and 4 have the same structure
> (clear payloads and one encrypted enclosing payload) is that the
> responder could send informational messages in the clear in message
> 4, such as "your key is in the wrong group and therefore I couldn't
> encrypt with it" or "your message 3 appears to be bogus, go away".

If we can encrypt any of message 4, we can encrypt all of it. In message
4 encryption is optional - certain errors would not be encrypted. But
I can't think of any reason message 4 would be partially encrypted.
Can you?

          --Charlie

This footnote confirms that either (1) this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including computer
viruses, (2) this email message was sent by a virus that appends this
footnote, or (3) (most likely) the sender of this message is trying to
raise awareness of how foolish it would be to place any confidence in
footnotes like this.

Follow-Ups:
- RE: Son of Ike status
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

References:
- RE: Son of Ike status
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: RE: Son of Ike status
Next by Date: RE: Son of Ike status
Prev by thread: RE: Son of Ike status
Next by thread: RE: Son of Ike status
Index(es):
- Date
- Thread