[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto algorithms for IKEv2



At 1:17 PM -0400 4/29/03, Paul Koning wrote:
>  >>>>> "Michael" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
>
>  Michael> Editorial comments/questions:
>
>  Michael> Where are the ENCR_DES_IV32 and ENCR_RC4 defined?
>  Michael> RFC2401bis?
>
>Nowhere, I believe.
>
>ENCR_RC4 is clearly nonsense -- IPsec cannot work with stream ciphers
>because IPsec works with IP datagrams.  Stream ciphers like RC4
>require loss-free delivery, which IP does not offer.  So ENCR_RC4 is
>simply a mistake that was never corrected.
>
>        paul

I agree with the conclusion, but not the rationale.  One could use a 
stream cipher with IPsec, so long as one carries the state info 
needed for the cipher with each packet, just like we carry an IV.

Steve