IPsec counter mode - are there implementations?

0

Counter mode encryption is potentially more robust against lost packets. It is used in SRTP.

I assume that if I use counter mode, a lost packet causes a lost UDP packet or TCP retransmission instead of total renegotiation of the security context.

I found some RFC drafts describing IPsec counter mode but I have no idea how widely it is really implemented. There is a mention that StrongSwan may have implemented it in 2010.

Is IPsec counter mode something I could assume to be found in any standard Cisco endpoint?

Are there essential weaknesses in the counter mode?

etu

Posted 2012-02-15T11:20:37.700

Reputation: 1

Answers

1

Actually, counter mode is used in Cisco for a technology called "Get VPN". All other Cisco VPNs use the Point-to-Point Crypto VPN transform-set.

You can read more about counter-based techniques in Get VPN here.

Mr.lock

Posted 2012-02-15T11:20:37.700

Reputation: 131

0

http://en.wikipedia.org/wiki/Galois/Counter_Mode

It has nothing to do with TCP-like stuff like resending lost packets etc.

Security - it uses AES, so far not leaking keys in the encrypted stream....

Cisco - You need recent IOS, namely 2011Q2 onwards.

ZaB

Posted 2012-02-15T11:20:37.700

Reputation: 2 365
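The packet-loss behaviour asked about in the question, as an added example that is not part of the original thread: each packet carries its own IV and the counter block follows the RFC 3686 layout (nonce, IV, block counter starting at 1), so any packet that arrives can be decrypted regardless of which ones were lost or reordered. HMAC-SHA256 stands in for AES as the block function so the code runs on the Python standard library alone; the key, nonce, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, nonce, iv, length):
    """Counter block = nonce(4) || IV(8) || block counter(4), counter starts at 1."""
    out, ctr = b"", 1
    while len(out) < length:
        block = nonce + iv + struct.pack(">I", ctr)
        # Stand-in for AES_encrypt(key, block): an assumption so no AES library is needed.
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key, nonce, seq, payload):
    """Encrypt one packet; the 8-byte IV travels in clear at the front of it."""
    iv = struct.pack(">Q", seq)  # assumption: the sequence number doubles as the IV
    return iv + xor(payload, keystream(key, nonce, iv, len(payload)))

def unseal(key, nonce, packet):
    """Decrypt using only the key, the per-SA nonce and the packet's own IV."""
    iv, body = packet[:8], packet[8:]
    return xor(body, keystream(key, nonce, iv, len(body)))

def demo_loss():
    key, nonce = b"k" * 32, b"\x00\x01\x02\x03"      # constructed sample values
    sent = [b"packet-%d payload" % n for n in range(5)]
    wire = [seal(key, nonce, n, p) for n, p in enumerate(sent)]
    received = [wire[4], wire[0], wire[2]]           # 1 and 3 lost, rest reordered
    return [unseal(key, nonce, pkt) for pkt in received]

def iv_reuse_leaks_xor():
    """Same key, nonce and IV for two packets: ciphertext XOR equals plaintext XOR."""
    key, nonce = b"k" * 32, b"\x00\x01\x02\x03"      # constructed sample values
    p1, p2 = b"first message..", b"second message."
    c1 = seal(key, nonce, 7, p1)[8:]
    c2 = seal(key, nonce, 7, p2)[8:]
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print(demo_loss())
    print(iv_reuse_leaks_xor())
```

The second function shows why a sender must never repeat an IV under the same key. Counter mode also provides no integrity by itself, which is why RFC 3686 requires it to be used together with an ESP authentication algorithm.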