how bad is IPETEE?

Eric Rescorla ekr at networkresonance.com
Thu Jul 10 13:17:54 EDT 2008


At Thu, 10 Jul 2008 18:10:27 +0200,
Eugen Leitl wrote:
> 
> 
> In case somebody missed it, 
> 
> http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE)
>
> I'm not sure what the status of http://postel.org/anonsec/
> is, the mailing list traffic dried up a while back.

This is the first I have heard of this.

That said, some initial observations:

- It's worth asking why, if you're doing per-connection keying,
  it makes sense to do this at the IP layer rather than the
  TCP/UDP layer. 

- Why not simply use TLS or DTLS?

- The uh, novel nature of the cryptographic mechanisms is
  pretty scary. Salsa-20? AES-CBC with implicit IV?
  A completely new cryptographic handshake? Why not use
  IPsec?

- A related idea was proposed a while back (by Lars Eggert,
  I believe). See S 6.2.3.1 of:

  https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tcp-auth-arch.txt

-Ekr



  

  

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list