Re: New draft -- IPSEC ESP
mark@mentat.com (Marc Hasson) Tue, 22 July 1997 14:43 UTC
Date: Tue, 22 Jul 1997 07:52:08 -0700
From: mark@mentat.com
Message-Id: <199707221452.HAA03334@feller.mentat.com>
To: ipsec@tis.com
Subject: Re: New draft -- IPSEC ESP

I haven't read the entire draft yet (I will later today) but skipped
straight to this reference due to yesterday's E-mail on the mandatory
algorithms:

> conjunction with SAs that are manually keyed. A compliant ESP
> implementation MUST support the following mandatory-to-implement
> algorithms (specified in [KBC97] and in [MS97].
>
> - DES in CBC mode
> - HMAC with MD5
> - HMAC with SHA-1
>
> [MS97] Perry Metzger & W.A. Simpson, "The ESP DES-CBC Transform",
> RFC-xxxx, August 1997.

Is MS97 the (expected) RFC version of
draft-ietf-ipsec-ciph-des-derived-00.txt?

If so, the mandatory ESP DES_CBC will use an *implicit* IV, one
constructed from the ESP sequence # in the packet ("SN || -SN"). And it
will be optional for a key manager to negotiate some other "flavor" of
either implicit IV (such as the earlier SPI & SN concatenation for
automated key management) or an explicit IV.

I'm not an ISAKMP person but I don't believe there is an
implicit/explicit IV negotiation parameter there currently, though I
guess it's easy to add more DES transform id variants for different IV
handling, if someone thinks that's necessary. I'm *not* suggesting that
it's necessary, I'm just trying to confirm what I need to finish
building so key management and the underlying auth/cipher code can do
their jobs...

Thanks for any confirmation of the above.

-- Marc --
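
Added example, not part of the original message or of any draft's code: a receiver-side sketch of the three IV handling flavors the message distinguishes, run over one constructed ESP packet. Assumptions: "-SN" is read as the bitwise complement of the 32-bit sequence number, the earlier flavor is taken as SPI followed by SN, any trailing authentication data has already been stripped, and all names (`IVMode`, `split_esp`, `compare_modes`) are hypothetical.

```python
import struct
from enum import Enum

class IVMode(Enum):          # hypothetical names for the three flavors in the message
    IMPLICIT_SN = 1          # IV = SN || ~SN ("-SN" assumed to mean bitwise complement)
    IMPLICIT_SPI_SN = 2      # IV = SPI || SN (field order assumed)
    EXPLICIT = 3             # IV travels in the packet, ahead of the ciphertext

ESP_HDR = struct.Struct("!II")   # SPI, Sequence Number: 32 bits each, network order
DES_BLOCK = 8                    # DES block size and IV size in bytes

def split_esp(packet: bytes, mode: IVMode):
    """Return (spi, sn, iv, ciphertext) for one ESP packet under `mode`.

    Assumes any trailing authentication data has already been removed.
    """
    if len(packet) < ESP_HDR.size:
        raise ValueError("truncated ESP header")
    spi, sn = ESP_HDR.unpack_from(packet)
    body = packet[ESP_HDR.size:]
    if mode is IVMode.IMPLICIT_SN:
        iv = struct.pack("!II", sn, sn ^ 0xFFFFFFFF)
    elif mode is IVMode.IMPLICIT_SPI_SN:
        iv = struct.pack("!II", spi, sn)
    else:
        if len(body) < DES_BLOCK:
            raise ValueError("no room for an explicit IV")
        iv, body = body[:DES_BLOCK], body[DES_BLOCK:]
    if not body or len(body) % DES_BLOCK:
        raise ValueError("ciphertext is not a whole number of DES blocks")
    return spi, sn, iv, body

# Constructed sample: SPI 0x1000, SN 1, then 16 placeholder payload bytes.
SAMPLE = struct.pack("!II", 0x1000, 1) + bytes(range(16))

def compare_modes(packet: bytes = SAMPLE):
    """Map each mode name to (IV as hex, ciphertext length) for the same bytes."""
    out = {}
    for mode in IVMode:
        _, _, iv, ct = split_esp(packet, mode)
        out[mode.name] = (iv.hex(), len(ct))
    return out

if __name__ == "__main__":
    for name, (iv, n) in compare_modes().items():
        print(f"{name:16} iv={iv} ciphertext={n} bytes")
```

The same bytes give a different IV under each flavor, and the explicit flavor also moves the start of the ciphertext by one block, so both ends of an SA have to be configured or negotiated to the same IV handling before decryption can succeed.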