ipsec-5 Page:2
1
2
3
4
5
6
7
Security Analysis
Goal: raise issues for discussion by WG
Summary:
CM can be implemented securely
Properties are different, but not worse
However, CM is more vulnerable to precomputation attacks
Lacks per-packet random input like CBC
PPT Version