Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Encryption & Authentication

2 views
Skip to first unread message

karthikbalaguru

unread,
Dec 17, 2009, 1:24:47 PM12/17/09
to
Hi,
ESP supports both 'encryption only' and 'authentication only'
configurations. Interestingly, the the usage of encryption without
authentication is strongly discouraged. So, why should ESP
provide the support for 'encryption only' configuration ? Any
specific reasons for that configuration ? Any ideas ?

Thx in advans,
Karthik Balaguru

Ilmari Karonen

unread,
Dec 17, 2009, 2:00:43 PM12/17/09
to

I have no idea about this specific case, but the usual reason for a
cryptosystem to provide an encryption-only mode is that authentication
might already be provided by another protocol layer. In that case,
assuming the existing authentication is properly done, redundant
authentication would only waste cycles while achieving nothing useful.

--
Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.

Le Chaud Lapin

unread,
Dec 20, 2009, 5:49:46 PM12/20/09
to
On Dec 17, 1:00 pm, Ilmari Karonen <usen...@vyznev.invalid> wrote:

> On 2009-12-17, karthikbalaguru <karthikbalagur...@gmail.com> wrote:
>
> > Hi,
> > ESP supports both 'encryption only' and 'authentication only'
> > configurations. Interestingly, the the usage of encryption without
> > authentication is strongly discouraged. So, why should ESP
> > provide the support for 'encryption only' configuration ? Any
> > specific reasons for that configuration ? Any ideas ?

Generalized authentication is extremely expensive. Any opportunity to
avoid it without compromising the system should be taken.

> I have no idea about this specific case, but the usual reason for a
> cryptosystem to provide an encryption-only mode is that authentication
> might already be provided by another protocol layer.  In that case,
> assuming the existing authentication is properly done, redundant
> authentication would only waste cycles while achieving nothing useful.

Such as while having a secure conversation with your wife (or husband)
over UDP.

-Le Chaud Lapin-

Scott Fluhrer

unread,
Dec 20, 2009, 9:26:06 PM12/20/09
to

"karthikbalaguru" <karthikb...@gmail.com> wrote in message
news:fb047ed7-8687-403f...@m7g2000prd.googlegroups.com...

When ESP was first designed, it was anticipated that it would often be used
in conjunction with AH which would provide the authentication. This has
turned out not to be the case (use of AH is quite rare), but the provisions
for that are still present.

--
poncho

0 new messages