[dtn-security] Re(2): Ciphersuite

Peter Lovell <plovell@mac.com> Wed, 15 July 2009 22:22 UTC

Received: from asmtpout021.mac.com (asmtpout021.mac.com []) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id n6FMMrRh028634 for <dtn-security@maillists.intel-research.net>; Wed, 15 Jul 2009 15:22:53 -0700
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=ISO-8859-1
Received: from [] (dsl092-149-198.wdc2.dsl.speakeasy.net []) by asmtp021.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0KMU00IG3GRFA830@asmtp021.mac.com> for dtn-security@maillists.intel-research.net; Wed, 15 Jul 2009 15:21:19 -0700 (PDT)
From: Peter Lovell <plovell@mac.com>
To: Sushil Chaudhari <schaudhari@mzeal.com>, dtn-security@maillists.intel-research.net
Date: Wed, 15 Jul 2009 18:21:15 -0400
Message-id: <20090715222115.1044991942@smtp.mac.com>
In-reply-to: <20090715214939.91774.qmail@mzeal.com>
References: <20090715214939.91774.qmail@mzeal.com>
X-Mailer: CTM PowerMail version 6.0.2 build 4601 English (intel) <http://www.ctmdev.com>
Subject: [dtn-security] Re(2): Ciphersuite
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2009 22:22:53 -0000

On Wed, Jul 15, 2009, Sushil Chaudhari <schaudhari@mzeal.com> wrote:

>As mentioned in the draft-irtf-dtnrg-bundle-security-08 :
>The BAB ciphersuite is based on shared secret using HMAC.
>The PIB is based on digital signatures using RSA with SHA 256.
>the PCB and ESB are based on RSA with AES.
>My question is, do we have (or can we implement) any common ciphersuite
>for all of the security blocks?

Well, there's no common ciiphersuite because they serve different
purposes. PCB encrypts the data, for example, while PIB allows you to
verify it hasn't been altered but does not make it secret.

What are you trying to achieve?