Derived versus Explicit IV

"William Allen Simpson" <wsimpson@greendragon.com> Wed, 23 July 1997 12:46 UTC

Date: Wed, 23 Jul 1997 12:22:51 +0000
From: William Allen Simpson <wsimpson@greendragon.com>
Message-ID: <6314.wsimpson@greendragon.com>
To: ipsec@tis.com
Subject: Derived versus Explicit IV

Ted is somewhat confused.

The mandatory to implement _manually_ configured algorithm is
ciph-des-derived.

 1) There are no vendors shipping anything else.

 2) There is no technical rationale supporting a change to an explicit IV.

 3) There is no increase in cryptographic strength with an explicit IV.

 4) A change to explicit IV would "obsolete" thousands of fielded units,
    and create a user support nightmare.

However, there was a "gentlemen's agreement" that ISAKMP could negotiate
an explicit IV for single DES when it was so configured.  And some
vendors (but not all) at the ANX workshops tested such a configuration.

To quote Moskowitz on another list, with respect to ISAKMP:
    Date: Thu, 03 Jul 1997 10:20:45 -0400
    From: Robert Moskowitz <rgm3@chrysler.com>
    As co-chair I state that we will give the workgroup a reasonable
    (end-of-july) time to determine a direction, if not, the market decides
    this one.

Unfortunately, Bob forgot to tell the WG he had made this direction.

Another "gentlemen's agreement" was that only 3des-derived would be
published as output of this WG, since nobody had documented or tested
explicit IV for 3DES, and at least 2 vendors had shipped derived IV
based on RFC-1851.

However, certain folks just violated that agreement.  In response, I
will be posting CAST et alia with derived IVs.


> From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
> 	My understanding is that the mandatory to implement cipher
> algorithm, based on what the vendors are implementing and what they
> tested at the ANX interoperability workshop, is represented by the I-D
> draft-ietf-ipsec-ciph-des-expiv-00.txt.   In other words, DES CBC with
> an explicit IV.
>

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2