Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods

To: ss murthy nittala <ssmurthy.nittala at freescale.com>
Subject: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
From: Dan McDonald <danmcd at sun.com>
Date: Mon, 11 May 2009 10:50:16 -0400
Cc: ipsec at ietf.org
Delivered-to: ipsec at core3.amsl.com
In-reply-to: <200905111446.n4BEk8Xo017104 at az33smr01.freescale.net>
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
Organization: Sun Microsystems, Inc. - Solaris Networking & Security
References: <200905111404.n4BE4Nns002222 at az33smr01.freescale.net> <18952.13961.78245.997197 at fireball.kivinen.iki.fi> <200905111446.n4BEk8Xo017104 at az33smr01.freescale.net>
User-agent: Mutt/1.5.19 (2009-01-05)

On Mon, May 11, 2009 at 08:22:05PM +0530, ss murthy nittala wrote:
>
> The following sentence present in RFC 3602 creates some doubts whether IV 
> in each packet is mandatory or not?
>
> "Including the IV in each datagram ensures that decryption of each
>  received datagram can be performed, even when some datagrams are
>  dropped, or datagrams are re-ordered in transit."

Nothing vague about it at all!  In fact, this paragraph strengthens the
argument Tero made in his note:  Using the previous cipher-text block is a
Bad Idea (TM).

An IP datagram is self-contained, and the IV is mandatory because you can't
start a CBC decryption without one, and there's no other way to get an IV.

Dan

References:
- [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
  - From: ss murthy nittala
- [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
  - From: Tero Kivinen
- Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
  - From: ss murthy nittala

Prev by Date: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Next by Date: Re: [IPsec] Issue #107
Previous by thread: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Next by thread: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Index(es):
- Date
- Thread

Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.