RE: ISCSI: Required Crytographic transforms for iSCSI

To: Black_David@emc.com
Subject: RE: ISCSI: Required Crytographic transforms for iSCSI
From: Paul Koning <pkoning@jlc.net>
Date: Fri, 31 Aug 2001 16:10:55 -0400
Cc: bill@sanera.net, ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <277DD60FB639D511AC0400B0D068B71ECAD68E@CORPMX14>
Sender: owner-ips@ece.cmu.edu

Excerpt of message (sent 30 August 2001) by Black_David@emc.com:
> The good news in the other direction is that we don't need any
> additional language to enable Encryption without a MAC - IKE/ISAKMP
> allows this by omission of negotiation of the MAC (just to confuse
> things, a MAC is an "Authentication Algorithm" in ISAKMP-speak).
> Encryption ("Transform" in ISAKMP-speak, includes both the actual
> crypto algorithm and its operating mode) negotiation cannot
> be omitted for ESP due to design decisions in ESP and ISAKMP,
> hence the need to make "NULL encryption" a "MUST implement".

Please note that Steve Bellovin has shown
(http://www.research.att.com/~smb/papers/badesp.pdf) that this
combination is insecure, and the fact that it is "must" in IPSec is
definitely controversial.  The argument for its existence is that the
security hole goes away if the protocols you carry over IPSec happen
to have their own cryptographic integrity mechanism at a higher layer
AND you check that integrity function in the same system that does the
decrypt.

Refer to Steve's paper for details, it a pretty one.

      paul

References:
- RE: ISCSI: Required Crytographic transforms for iSCSI
  - From: Black_David@emc.com

Prev by Date: Re: IPS Draft charter revision
Next by Date: RE: ISCSI: Required Crytographic transforms for iSCSI
Prev by thread: RE: ISCSI: Required Crytographic transforms for iSCSI
Next by thread: RE: ISCSI: Required Crytographic transforms for iSCSI
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:03:48 2001
6315 messages in chronological order