|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: ISCSI: Required Crytographic transforms for iSCSIExcerpt of message (sent 30 August 2001) by Black_David@emc.com: > The good news in the other direction is that we don't need any > additional language to enable Encryption without a MAC - IKE/ISAKMP > allows this by omission of negotiation of the MAC (just to confuse > things, a MAC is an "Authentication Algorithm" in ISAKMP-speak). > Encryption ("Transform" in ISAKMP-speak, includes both the actual > crypto algorithm and its operating mode) negotiation cannot > be omitted for ESP due to design decisions in ESP and ISAKMP, > hence the need to make "NULL encryption" a "MUST implement". Please note that Steve Bellovin has shown (http://www.research.att.com/~smb/papers/badesp.pdf) that this combination is insecure, and the fact that it is "must" in IPSec is definitely controversial. The argument for its existence is that the security hole goes away if the protocols you carry over IPSec happen to have their own cryptographic integrity mechanism at a higher layer AND you check that integrity function in the same system that does the decrypt. Refer to Steve's paper for details, it a pretty one. paul
Home Last updated: Tue Sep 04 01:03:48 2001 6315 messages in chronological order |