Re: how bad is IPETEE?

At Thu, 10 Jul 2008 18:10:27 +0200,
Eugen Leitl wrote:
>
>
> In case somebody missed it,
>
> http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE)
>
> I'm not sure what the status of http://postel.org/anonsec/
> is, the mailing list traffic dried up a while back.

This is the first I have heard of this.

That said, some initial observations:

- It's worth asking why, if you're doing per-connection keying,
it makes sense to do this at the IP layer rather than the
TCP/UDP layer.

- Why not simply use TLS or DTLS?

- The uh, novel nature of the cryptographic mechanisms is
pretty scary. Salsa-20? AES-CBC with implicit IV?
A completely new cryptographic handshake? Why not use
IPsec?

- A related idea was proposed a while back (by Lars Eggert,
I believe). See S 6.2.3.1 of:

https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tcp-auth-arch.txt

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com