Re: Crypto algorithms for IKEv2
>>>>> "Paul" == Paul Koning <pkoning@equallogic.com> writes:
>>>>> "Michael" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
Michael> Editorial comments/questions:
Michael> Where are the ENCR_DES_IV32 and ENCR_RC4 defined?
Michael> RFC2401bis?
Paul> Nowhere, I believe.
Paul> ENCR_RC4 is clearly nonsense -- IPsec cannot work with stream ciphers
Paul> because IPsec works with IP datagrams. Stream ciphers like RC4
Paul> require loss-free delivery, which IP does not offer. So ENCR_RC4 is
Paul> simply a mistake that was never corrected.
I thought that we had a way to synchronize a stream cipher with an offset
that essentially replaces the IV. This is computationally expensive if you do
it wrong, but is currently done. I don't know - I never wrote RC4.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
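The two positions in this exchange, as an added example that is not part of the original message or any poster's code: a receiver that keeps one running RC4 keystream loses synchronization when a datagram is dropped or reordered, while a receiver that is given a per-datagram keystream offset recovers, at the cost of generating and discarding `offset` keystream bytes each time. The datagram layout (an explicit offset carried with each ciphertext) and all function names are assumptions made for illustration.

```python
def rc4_keystream(key: bytes):
    """Generate the RC4 keystream one byte at a time (KSA, then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def xor_at_offset(key: bytes, offset: int, data: bytes) -> bytes:
    """XOR data with keystream bytes [offset, offset+len(data)).
    RC4 cannot seek, so the first `offset` bytes are generated and
    thrown away: the work grows linearly with the offset."""
    ks = rc4_keystream(key)
    for _ in range(offset):
        next(ks)
    return bytes(b ^ next(ks) for b in data)

def send(key, payloads):
    """Sender: each datagram carries the offset it was encrypted at (assumed layout)."""
    offset, out = 0, []
    for p in payloads:
        out.append((offset, xor_at_offset(key, offset, p)))
        offset += len(p)  # ranges never overlap, so no keystream byte is reused
    return out

def recv_stateful(key, datagrams):
    """Receiver that keeps one running keystream and ignores the offset field."""
    ks = rc4_keystream(key)
    return [bytes(b ^ next(ks) for b in ct) for _, ct in datagrams]

def recv_with_offset(key, datagrams):
    """Receiver that resynchronizes every datagram from its carried offset."""
    return [xor_at_offset(key, off, ct) for off, ct in datagrams]

KEY = b"constructed-demo-key"                      # constructed sample key
PAYLOADS = [b"datagram one", b"datagram two", b"datagram three"]
sent = send(KEY, PAYLOADS)
arrived = [sent[2], sent[0]]  # constructed network: #2 lost, #3 arrives before #1

if __name__ == "__main__":
    print("stateful:   ", recv_stateful(KEY, arrived))     # garbage after the loss
    print("with offset:", recv_with_offset(KEY, arrived))  # plaintext recovered
```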