[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crypto algorithms for IKEv2
At 1:17 PM -0400 4/29/03, Paul Koning wrote:
> >>>>> "Michael" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
>
> Michael> Editorial comments/questions:
>
> Michael> Where are the ENCR_DES_IV32 and ENCR_RC4 defined?
> Michael> RFC2401bis?
>
>Nowhere, I believe.
>
>ENCR_RC4 is clearly nonsense -- IPsec cannot work with stream ciphers
>because IPsec works with IP datagrams. Stream ciphers like RC4
>require loss-free delivery, which IP does not offer. So ENCR_RC4 is
>simply a mistake that was never corrected.
>
> paul
I agree with the conclusion, but not the rationale. One could use a
stream cipher with IPsec, so long as one carries the state info
needed for the cipher with each packet, just like we carry an IV.
Steve