CBC encryption document

Phil Rogaway <rogaway@cs.ucdavis.edu> Tue, 02 May 1995 22:08 UTC

Message-Id: <199505022155.AA42038@interlock.ans.net>
Date: Tue, 02 May 1995 14:55:05 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Phil Rogaway <rogaway@cs.ucdavis.edu>
To: ipsec@ans.net
Subject: CBC encryption document

Dear colleagues,

Just posted is my (apparently misnamed) working draft 
    draft-ietf-ipsec-cbc-encrypt-00.txt. 
This document constitutes a "counter-proposal" to 
    draft-ietf-ipsec-esp-des-cbc-04.txt.
Please understand that the former document is not a "peer" of the
latter, in the sense that the former document functions at a decidedly 
lower level.  It specifies ONLY a transform.   This is quite intentional.  
(It is an implementation of Recommendation 5 of my April 3 comments.)

Why should the lowest-level IPSEC documents describe ONLY a transform? 
(Here I mean "transform" in a technical sense: this is a certain 
particular pair of functions.)  There are several reasons.  One is thta
it is virtually impossible for a cryptographer to assess (or change) the 
proposals' cryptography when it is intermixed with the use of that
cryptography.   

As a consequence of maintaining a rigid abstraction boundary at the level
of a transform, a transform-specifying document should be silent about 
things like the structure of an IP packet.  This is the business of
the higher-level document which uses a transform.  Thus implicit in 
this CBC encryption document is the understanding that 
draft-ietf-ipsec-esp-01.txt be reworked to be truly generic, specifying 
how to use an arbitrary encryption transform to accomplish its job.


Phil Rogaway

CBC encryption document Phil Rogaway