[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)

To: Niels Provos <provos@citi.umich.edu>
Subject: Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
From: Craig Metz <cmetz@inner.net>
Date: Tue, 02 Mar 1999 14:58:02 -0500
Cc: Markus Friedl <markus.friedl@informatik.uni-erlangen.de>,tech@openbsd.org

In message <199903021704.KAA01661@openbsd.cs.colorado.edu>, you write:
>You forgot to specify the IV for the transforms. PF_ENCAP was
>able to do IV-less mode by deriving an IV from the packet headers.
>We dont do that any more with PFKEYv2.

  This can be expressed in PF_KEYv2 with an IV length of zero. Though deriving
an IV from anything else in the packet is probably not a good idea from a
crypto point of view.

									-Craig

References:
- Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
  - From: Niels Provos <provos@citi.umich.edu>

Prev by Date: Re: vanilla OpenBSD 2.4 w/ IPFilter 3.2.10
Next by Date: Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
Prev by thread: Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
Next by thread: Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
Index(es):
- Date
- Thread