Re: swipe working on infinity.c2.org

Jef Poskanzer says:

> When I talked to Phil Karn months ago about IP encryption, he was
> talking about encrypting each packet independently - I guess you have
> to do that with IP since it's not a reliable protocol.

Well, you largely have to. In fact, swIPe doesn't necessarily require
that. swIPe in fact requires very little. :-)

> Maybe you could post a quick summary of the encryption mode used?

There isn't one per se -- at least in the sense that none is
standardized since that would be inappropriate. The kind of encryption
gets negotiated in a protocol at another level. swIPe just defines
packet formats, really. If you want details, you ought to look at the
internet draft (on the disk, or available from
ftp://research.att.com/dist/mab), the paper (also on the disk and at
research) and the code.

I believe that the prototype on the disk is just using DES in CBC mode
for the moment, but other modes/cyphers have hooks defined for them.
Ports to new platforms, new cyphers, and new functionality are very
welcome, btw.

Perry