On Wed, Sep 11, 2013 at 06:51:16PM -0400, Perry E. Metzger wrote:
> It occurs to me that specifying IVs for CBC mode in protocols
> like IPsec, TLS, etc. be generated by using a block cipher in counter
> mode and that the IVs be implicit rather than transmitted kills two
> birds with one stone.
>
On 09/12/2013 03:15 AM, Perry E. Metzger wrote:
On Wed, 11 Sep 2013 20:01:28 -0400 Jerry Leichter wrote:
...Note that if you still transmit the IVs, a misimplemented
client could still interoperate with a malicious counterparty
that did not use the enforced method for IV calculation. If you
don
On Thu, 12 Sep 2013 17:41:56 +0300 Yaron Sheffer wrote:
> On 09/12/2013 03:15 AM, Perry E. Metzger wrote:
> > On Wed, 11 Sep 2013 20:01:28 -0400 Jerry Leichter wrote:
> >>> ...Note that if you still transmit the IVs, a misimplemented
> >>> client could still interoperate with a malicious coun
On Wed, 11 Sep 2013 20:01:28 -0400 Jerry Leichter wrote:
> > ...Note that if you still transmit the IVs, a misimplemented
> > client could still interoperate with a malicious counterparty
> > that did not use the enforced method for IV calculation. If you
> > don't transmit the IVs at all but calc
On Sep 11, 2013, at 6:51 PM, Perry E. Metzger wrote:
> It occurs to me that specifying IVs for CBC mode in protocols
> like IPsec, TLS, etc. be generated by using a block cipher in counter
> mode and that the IVs be implicit rather than transmitted kills two
> birds with one stone.
Of course, now y