[127811] in cryptography@c2.net mail archive
Re: how bad is IPETEE?
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Thu Jul 10 16:16:36 2008
Date: Thu, 10 Jul 2008 10:17:54 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Eugen Leitl <eugen@leitl.org>
Cc: Cryptography List <cryptography@metzdowd.com>
In-Reply-To: <20080710161027.GO9875@leitl.org>
At Thu, 10 Jul 2008 18:10:27 +0200,
Eugen Leitl wrote:
>
>
> In case somebody missed it,
>
> http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE)
>
> I'm not sure what the status of http://postel.org/anonsec/
> is, the mailing list traffic dried up a while back.
This is the first I have heard of this.
That said, some initial observations:
- It's worth asking why, if you're doing per-connection keying,
it makes sense to do this at the IP layer rather than the
TCP/UDP layer.
- Why not simply use TLS or DTLS?
- The uh, novel nature of the cryptographic mechanisms is
pretty scary. Salsa-20? AES-CBC with implicit IV?
A completely new cryptographic handshake? Why not use
IPsec?
- A related idea was proposed a while back (by Lars Eggert,
I believe). See S 6.2.3.1 of:
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tcp-auth-arch.txt
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
