[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-ietf-avt-srtp - The Secure Real-time Transport Protocol to Proposed Standard
- To: Russ Housley <housley@vigilsec.com>
- Subject: Re: Evaluation: draft-ietf-avt-srtp - The Secure Real-time Transport Protocol to Proposed Standard
- From: "Steven M. Bellovin" <smb@research.att.com>
- Date: Mon, 23 Jun 2003 15:44:36 -0400
- Cc: Internet Engineering Steering Group <iesg@ietf.org>
In message <5.2.0.9.2.20030623153256.045d49b8@mail.binhost.com>, Russ Housley w
rites:
>Steve:
>
> From section 4.1, I learn that:
>
> * k_e is the session encryption key
> * k_s is the session salting key
>
>Thus, I do not think that k_s is ever used as an AES key. Rather, it is
>only used in the creation of the IV value, and k_e is the AES key. I do
>not think there is any security issue with the IV being known. The k_s is
>being added to make it difficult to mount a precomputation attack.
>
>If this is your only concern, then I think you should withdraw your DISCUSS.
>
I cleared it a while ago.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)