[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: suites vs. a la carte and IPcomp in IKEv2-05
Hugo, thanks for correcting me..
To everyone else: I mistakenly asserting a position of Hugo.
Below is his ACTUAL opinion on the topic.
-derek
Hugo Krawczyk <hugo@ee.technion.ac.il> writes:
> You may want to send to the list the
> clarification below as I sent to you. At least it will document my real
> opinion before people start attributing to me something I disagree
> with.
>
>
> > Hugo Krawczyk <hugo@ee.technion.ac.il> writes:
> >
> > > On 28 Feb 2003, Derek Atkins wrote:
> > >
> > > > Perhaps some people's comments jumbled together after reading through
> > > > 2000+ messages. I seem to recall that you had an issue with choosing
> > > > algorithms a la carte due to the lack of security proof of arbitrary
> > > > combinations of various algorithms.
> > >
> > > This was not (and is not) my opinion.
> > > Actually one of the main criteria I use in designing crypto protocols is
> > > that their security will not depend on specific functions but rather on
> > > general functionalities (or "primitives", as we usally call these in
> > > cryptography). Therefore if the protocol uses a prf, a MAC and
> > > encryption, then ANY secure implementations of these functions will do.
> > > No need to check the specific inter-relations. Those are taken care
> > > already in the protocol analysis. In particular this is the case for the
> > > IKE's design.
> > >
> > > Hugo
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com