Jerome Etienne's IETF page:

Rough consensus and running code!

My current interest is mainly network security. I enjoy designing and breaking the security of protocols. In a moment of madness, I wrote "designing security is playing chess alone, sure to outperform the opponent". The moment is no more, but I still like the sentence. I contribute to:

Transport:


IPsec:

I specified the use of counter mode in the context of ESP. I believe this mode of operation is largely overlooked. Among other advantages, it saves an average of 24 bytes per packet with AES and 12 bytes with DES/3DES compared to the standard CBC with explicit IV. I specified a system of secret IVs for ESP. It reduces the bandwidth usage and fixes a small security weakness in the current MUST for ESP (RFC2405.3). It offers a tradeoff which may be attractive: better bandwidth usage and better security versus slightly more CPU processing.

OSPFv2/RIPv2: Security flaws and fixes

I have broken the security of OSPFv2 (4 years old) and RIPv2 (4.5 years old). Based on the same concepts, both are flawed in the same ways. I have designed a solution to fix them: the anti-replay authentication.

RFC2154 security extension of OSPF: found insecure against insiders


ITrace: