From: "Perry E. Metzger" <perry@imsi.com>
Date: Fri, 17 Jun 94 08:38:13 PDT
To: Jef Poskanzer <jef@ee.lbl.gov>
Subject: Re: swipe working on infinity.c2.org
In-Reply-To: <199406171524.IAA00619@hot.ee.lbl.gov>
Message-ID: <9406171538.AA02268@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Jef Poskanzer says:
> When I talked to Phil Karn months ago about IP encryption, he was
> talking about encrypting each packet independently - I guess you have
> to do that with IP since it's not a reliable protocol.

Well, you largely have to. In fact, swIPe doesn't necessarily require
that. swIPe in fact requires very little. :-)

> Maybe you could post a quick summary of the encryption mode used?

There isn't one per se -- at least in the sense that none is
standardized since that would be inappropriate. The kind of encryption
gets negotiated in a protocol at another level. swIPe just defines
packet formats, really.  If you want details, you ought to look at the
internet draft (on the disk, or available from
ftp://research.att.com/dist/mab), the paper (also on the disk and at
research) and the code.

I believe that the prototype on the disk is just using DES in CBC mode
for the moment, but other modes/cyphers have hooks defined for them.
Ports to new platforms, new cyphers, and new functionality are very
welcome, btw.

Perry