At 11:01 AM 7/30/00 -0400, Timothy Brown wrote:
>Can anyone provide a pointer or helpful information to speak to the
>strength of the encryption capabilities in IPv6? Is it considered
>weak or strong by the crypto community - or somewhere in between?
IPv6 and IPSEC allow you to negotiate which encryption algorithms to use.
Implementations can offer a variety of algorithms,
and the two ends of a connection negotiate which to use,
so you can choose to be as secure or insecure as you want.
Originally, support for single-DES was mandatory,
so there'd be something "secure" to fall back on.
I think that's now been replaced with Triple-DES.
Support for NULL encryption is also available.
In addition to the ESP-mode operations, which do encryption,
there's AH Authenticated-Header mode, which doesn't encrypt,
but does use cryptographic checksumming to validate the packets.
You'd use this for things like firewalls, only allowing authorized
packets and rejecting anything else, where you don't care about
eavesdroppers, only crackers. There have been arguments about
whether this mode is adequate protection.
Then there's the whole IKE key exchange mechanism.
Unlike the simplicity of Photuris, IKE is a mess of twisty little protocols,
and it's not clear whether the NSA's help in developing it needs to be
attributed to malice or just stupidity, with creeping featurism run wild.
The big problem is that all this is difficult to implement;
IPSEC with Photuris could have been done a couple years earlier
with everybody's implementation being compatible.
William Simpson, one of the Photuris authors, had a rant out about it,
which may have been an Internet Draft. Also look for stuff on
ISAKMP and Oakley, the two things that merged to become IKE.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
