Re: Proposed changes to ESP (and a little AH too)



John Ioannidis writes:

> I'm all in favour of doing the encryption first and the
> authentication after, so that on receipt we can authenticate before
> we receive, but wasn't there some cryptographic argument against
> that sort of thing? Or was it decided back when we only had the RFC
> 182* transforms that in the case of cascaded transforms, we should
> encapsulate first with AH-MD5 and then with DES-ESP, and that
> carried over into the combined ESP transform?

Back when I was still involved in the drafting of these things (long
ago) I kept asking for input on the cryptographic and other desiderata
for picking one or the other. I got very little feedback. I don't
think the decision was made consciously. The topic deserves a full
scale discussion...

Perry