Hi all,
I have submitted a new version of the Internet draft
about using CLEFIA in IPsec and IKE.
This draft is available at
http://tools.ietf.org/html/draft-katagi-ipsecme-clefia-00.
CLEFIA is a 128-bit block cipher, which is designed in 2007.
The security of CLEFIA has been well evaluated thr
Yoav... the answer is either! Za needs to pass a packet to Host 2, it may be
between a gateway, may be running IPSec itself, or may be unable to receive
encrypted packets at all. As with RFC 4322, you would need a policy to
determine behaviour when an encrypted channel can't be achieved, but th
It does.
But then, both I and MCR agree that RFC 4322 in its present form is not
the answer, but a second edition (as in "rfc4322bis") might be.
Do you think a discovery process based on DNS could be acceptable? I have
never registered a domain, but I know how one could publish records for an
FQD
I was not intending to be, (I have no ticket as yet), but plans might change.
It seems like Chris has all of the requirements of OE, and there is all
of the challenges. IPv6 and homenet might well provide FDQNs for hosts,
and a trusted path to update the reverse.
If DNS does not work for you, th
Hello,
I am facing some problem in calculating md5-challenge response.
What I am doing is simply MD5(Identifier | | ).
The challenge response is somehow wrong.
Is it correct to say that Challenge value used as input to md5 is the
same value what is in the EAP payload (type md5-challenge
At 8:15 PM -0600 10/19/11, Kevin Gross wrote:
We don't need decrypt and encrypt to take the same amount of time.
We need encrypt+decrypt from master to slave to take the same time
as encrypt+decrypt from slave to master.
That further reduces the likely variance that is algorithm or mode specif
On Tue, Oct 18, 2011 at 10:37 AM, Tim Frost wrote:
> I think most of the reviewers are missing the point of this draft.
>
> The point is not that the timing packets are inherently secret and need
> encryption, but that the 3GPP architecture mandates that EVERYTHING flowing
> to the femtocell mus
On Mon, Oct 24, 2011 at 1:38 PM, Doug Arnold wrote:
> This debate has been going on since before the PTP v2 standard was released,
> and the consensus in the timing community agrees with you. Timing packets do
> not need to be encrypted. Authentication would be a more appropriate
> security m
On Mon, Oct 24, 2011 at 6:19 PM, Doug Arnold wrote:
> I don't agree that it is incumbent on those preparing a draft on PTP over
> IPsec to show the need. The wireless system architects have already said
> they want this. If someone disagrees, they are the ones who need to explain
> why an exc
