From: karthikbalaguru on 17 Dec 2009 13:24

Hi,
ESP supports both 'encryption only' and 'authentication only' configurations. Interestingly, the usage of encryption without authentication is strongly discouraged. So, why should ESP provide the support for 'encryption only' configuration? Any specific reasons for that configuration? Any ideas?

Thx in advance,
Karthik Balaguru

From: Ilmari Karonen on 17 Dec 2009 14:00

On 2009-12-17, karthikbalaguru <karthikbalaguru79(a)gmail.com> wrote:
> Hi,
> ESP supports both 'encryption only' and 'authentication only'
> configurations. Interestingly, the usage of encryption without
> authentication is strongly discouraged. So, why should ESP
> provide the support for 'encryption only' configuration ? Any
> specific reasons for that configuration ? Any ideas ?

I have no idea about this specific case, but the usual reason for a cryptosystem to provide an encryption-only mode is that authentication might already be provided by another protocol layer. In that case, assuming the existing authentication is properly done, redundant authentication would only waste cycles while achieving nothing useful.

--
Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.

From: Le Chaud Lapin on 20 Dec 2009 17:49

On Dec 17, 1:00 pm, Ilmari Karonen <usen...(a)vyznev.invalid> wrote:
> On 2009-12-17, karthikbalaguru <karthikbalagur...(a)gmail.com> wrote:
>
> > Hi,
> > ESP supports both 'encryption only' and 'authentication only'
> > configurations. Interestingly, the usage of encryption without
> > authentication is strongly discouraged. So, why should ESP
> > provide the support for 'encryption only' configuration ? Any
> > specific reasons for that configuration ? Any ideas ?

Generalized authentication is extremely expensive. Any opportunity to avoid it without compromising the system should be taken.

> I have no idea about this specific case, but the usual reason for a
> cryptosystem to provide an encryption-only mode is that authentication
> might already be provided by another protocol layer. In that case,
> assuming the existing authentication is properly done, redundant
> authentication would only waste cycles while achieving nothing useful.

Such as while having a secure conversation with your wife (or husband) over UDP.

-Le Chaud Lapin-

From: Scott Fluhrer on 20 Dec 2009 21:26

"karthikbalaguru" <karthikbalaguru79(a)gmail.com> wrote in message news:fb047ed7-8687-403f-8fd7-32e432e9c313(a)m7g2000prd.googlegroups.com...
> Hi,
> ESP supports both 'encryption only' and 'authentication only'
> configurations. Interestingly, the usage of encryption without
> authentication is strongly discouraged. So, why should ESP
> provide the support for 'encryption only' configuration ? Any
> specific reasons for that configuration ? Any ideas ?

When ESP was first designed, it was anticipated that it would often be used in conjunction with AH which would provide the authentication. This has turned out not to be the case (use of AH is quite rare), but the provisions for that are still present.

--
poncho
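
Added example, not part of any post in this thread: a simplified model of an ESP-style packet (SPI, sequence number, ciphertext, optional ICV) showing what the receiver sees when one ciphertext byte changes in transit, with and without the integrity check the thread refers to as authentication. The SHA-256 counter keystream is a stand-in for a real cipher, and the function names, keys and payload are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # truncated HMAC-SHA-256 tag length used in this model


def _keystream(key, nonce, n):
    # Stand-in stream cipher: SHA-256 in counter mode (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_seal(enc_key, auth_key, spi, seq, payload):
    """Build header || ciphertext [|| ICV]. auth_key=None means encryption only."""
    header = struct.pack(">II", spi, seq)
    ct = _xor(payload, _keystream(enc_key, header, len(payload)))
    icv = b""
    if auth_key is not None:
        # ICV covers the header and the ciphertext (encrypt-then-MAC).
        icv = hmac.new(auth_key, header + ct, hashlib.sha256).digest()[:ICV_LEN]
    return header + ct + icv


def esp_open(enc_key, auth_key, packet):
    """Verify the ICV first (if configured), then decrypt."""
    header, body = packet[:8], packet[8:]
    if auth_key is not None:
        body, icv = body[:-ICV_LEN], body[-ICV_LEN:]
        want = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, want):
            raise ValueError("ICV mismatch: packet dropped")
    return _xor(body, _keystream(enc_key, header, len(body)))


def flip(packet, offset, mask):
    """Model an in-transit modification of one packet byte."""
    b = bytearray(packet)
    b[offset] ^= mask
    return bytes(b)
```

In encryption-only mode the receiver has no signal that the payload changed; with the ICV configured the same modification is rejected before decryption.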