SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-I



    >>>>> "Bernard" == Bernard Aboba <bernard_aboba@hotmail.com> writes:
    
     Bernard> In our analysis of algorithms, we have been constrained by
     Bernard> the transforms existing or under development by IPsec WG. In
     Bernard> general, the IPsec WG takes it lead from NIST/ANSI, which
     Bernard> looks not only at performance and implementability in
     Bernard> hardware and software, but also security and intellectual
     Bernard> property issues. 
    
    And indeed there are IP concerns relating to several of the proposed
    "new modes".  One of them is subject to a license fee that appears to
    be documented (not zero, not really close to zero, but arguably
    tolerable).  Another is subject to a "reasonable and
    non-discriminatory" statement from the owner, but I have seen the
    default licensing terms from that company in the past and would not
    agree that the phrase "reasonable" applies.  
    
     Bernard> ...Given that 3DES-CBC-I has already been standardized by ANSI,
     Bernard> it may be feasible to get an IPsec transform document
     Bernard> written and adopted as a work item by IPsec WG. If this can
     Bernard> happen, then it would be possible to argue the merits of
     Bernard> this algorithm versus the other ones under
     Bernard> consideration. Given the prevalence of 3DES-CBC however, I
     Bernard> suspect that the argument would be over whether 3DES-CBC-I
     Bernard> would become a MAY or a SHOULD implement, rather than a
     Bernard> MUST.
    
    CBC-I is no less a hardware change than any other new mode.  So it's
    not clear why it would be useful to work on that rather than on other
    new modes.  Perhaps if there aren't IP issues with it?
    
    Given that IPSec acts at the datagram level, you can do interleaving
    on a packet basis.  In a high speed implementation, it is reasonable
    to expect that there are several packets awaiting processing at a
    time.  If so, they can each be run through separate processing
    elements.  So the CBC bottleneck applies within a packet but not
    across packets.  That's not to say that new modes aren't interesting
    -- but it says that you can continue to improve performance in the
    meantime. 
    
         paul
    
    


Home

Last updated: Tue Dec 04 19:17:48 2001
7995 messages in chronological order