[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt

To: "Waterhouse, Richard" <Richard.Waterhouse@GDC4S.Com>
Subject: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
From: Henry Spencer <henry@spsystems.net>
Date: Fri, 23 Aug 2002 10:50:47 -0400 (EDT)
cc: "Steven M. Bellovin" <smb@research.att.com>, ipsec@lists.tislabs.com
In-Reply-To: <2575327B6755D211A0E100805F9FF9540E345632@ndhmex02.ndhm.gsc.gte.com>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 23 Aug 2002, Waterhouse, Richard wrote:
> The FEC has to be external to ESP for it to prevent authentication failure
> at the ESP level. But I'm unaware of any provision within IP for FECs. Where
> would one apply such an FEC in the protocol stack at the transmitting ESP
> host/gateway that will make it through to the recipient ESP host/gateway?

The "noisy environment" is a link-level problem, not an IP-level problem,
so it can be, should be, and is, solved with FEC at the link level.  That
is the right approach for a number of reasons, not least the need to
tailor the FEC to the characteristics of the noise environment. 

By the way, the reason for making authentication a MUST is that there are
effective active attacks against confidentiality without it.  You don't
*get* reliable confidentiality without authentication. 

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
  - From: "Waterhouse, Richard" <Richard.Waterhouse@GDC4S.Com>

Prev by Date: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Next by Date: Re: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Prev by thread: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Next by thread: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Index(es):
- Date
- Thread