[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Counter Mode Security: Analysis and Recommendations

To: sommerfeld@east.sun.com
Subject: Re: Counter Mode Security: Analysis and Recommendations
From: Paul Koning <pkoning@equallogic.com>
Date: Tue, 19 Nov 2002 20:26:11 -0500
Cc: mcgrew@cisco.com, tytso@mit.edu, paul.hoffman@vpnc.org, ipsec@lists.tislabs.com
References: <15834.46260.21749.515468@pkoning.dev.equallogic.com><200211192311.gAJNBZfR004480@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Bill" == Bill Sommerfeld <sommerfeld@east.sun.com> writes:

 >> You mean "is it acceptable to limit packets to be 64k or less?"
 >> If you make the block counter 16 bits, then the actual packet size
 >> limit is 1 megabyte because blocks are 16 bytes...  That's fine.

 Bill> There's an effort underway to investigate much larger packet
 Bill> sizes as link speed increases.

 Bill> See http://www.psc.edu/~mathis/MTU/

That's fine, but if I have to choose between that, and a counter mode
that's 12 orders of magnitude less secure than it should be, I'll pick
the latter, always.

    paul

References:
- RE: Counter Mode Security: Analysis and Recommendations
  - From: Paul Koning <pkoning@equallogic.com>
- Re: Counter Mode Security: Analysis and Recommendations
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: Counter Mode Security: Analysis and Recommendations
Next by Date: Re: Adding revised identities to IKEv2
Prev by thread: Re: Counter Mode Security: Analysis and Recommendations
Next by thread: RE: Counter Mode Security: Analysis and Recommendations
Index(es):
- Date
- Thread