Slicing and Dicing in new-esp
Bill Sommerfeld <sommerfeld@apollo.hp.com> Thu, 10 April 1997 23:25 UTC
Message-Id: <199704102118.RAA06537@thunk.ch.apollo.hp.com>
To: ipsec@tis.com
Subject: Slicing and Dicing in new-esp
Date: Thu, 10 Apr 1997 17:18:25 -0400
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

The new esp draft, draft-ietf-ipsec-new-esp-00.txt, has two "slots" into which algorithms can be plugged -- an encryption slot, and an integrity slot. This is somewhat different from the previous monolithic transform architecture in the Hughes draft.

The consensus on slice & dice at the meeting today was that transforms get one key, and are responsible for dividing the "key blob" between the various uses they have for it.

In the case of new-esp, we have a hierarchical arrangement, with ESP in the middle, key management above, and algorithms beneath; the new-esp document really defines both ESP and a "meta" transform.

I presume that the new-esp meta-transform gets a (single) key blob from "above" and needs to break it up and pass "key blobs" down into the algorithms which plug into it.

Now, there are certain, obvious to a non-cryptographer, problems with passing the exact same blob to both algorithms.

I believe that the right thing to do here is to specify that new-ESP is responsible for dividing the blob into two pieces and feeding one to the encryption algorithm and the other into the integrity algorithm; the individual algorithms are responsible for any relevant algorithmic-specific key processing.

- Bill
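
The division proposed in the message above, sketched as an added example that is not part of the original message or of the new-esp draft: a meta-transform cuts one key blob into two disjoint pieces and each algorithm then applies its own key processing. The slot names, the table layout, the choice to put the encryption key first in the blob, and the function names are assumptions made for illustration.

```python
"""Added illustration: a two-slot meta-transform dividing one key blob."""


def des_fix_parity(key: bytes) -> bytes:
    """Algorithm-specific processing for DES: set odd parity on every byte."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")  # the 7 key bits of this byte
        # The low bit is the parity bit; choose it so the byte has odd parity.
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)


def identity(key: bytes) -> bytes:
    """HMAC needs no key fix-up at this layer."""
    return key


# Hypothetical slot tables: name -> (key length in bytes, key processing).
ENCRYPTION_SLOTS = {"des-cbc": (8, des_fix_parity)}
INTEGRITY_SLOTS = {"hmac-sha1": (20, identity)}


def split_key_blob(blob: bytes, enc_alg: str, auth_alg: str):
    """Return (encryption_key, integrity_key) taken from disjoint blob ranges."""
    enc_len, enc_prepare = ENCRYPTION_SLOTS[enc_alg]
    auth_len, auth_prepare = INTEGRITY_SLOTS[auth_alg]
    needed = enc_len + auth_len
    if len(blob) < needed:
        # Never stretch or reuse bytes to cover a short blob: the two
        # algorithms must not end up sharing key material.
        raise ValueError(f"key blob too short: need {needed}, got {len(blob)}")
    enc_raw = blob[:enc_len]                 # assumed order: encryption first
    auth_raw = blob[enc_len:needed]          # next bytes, no overlap
    return enc_prepare(enc_raw), auth_prepare(auth_raw)


if __name__ == "__main__":
    # Constructed sample blob; real key material comes from key management.
    sample_blob = bytes(range(28))
    enc_key, auth_key = split_key_blob(sample_blob, "des-cbc", "hmac-sha1")
    print("encryption key:", enc_key.hex())
    print("integrity key: ", auth_key.hex())
```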