RE: replay field size

Stephen Kent <kent@bbn.com> Thu, 13 February 1997 03:59 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id WAA01843 for ipsec-outgoing; Wed, 12 Feb 1997 22:59:45 -0500 (EST)
X-Sender: kent@po1.bbn.com
Message-Id: <v03007800af27a710f224@[128.33.229.246]>
In-Reply-To: <199702111926.LAA13021@kebe.eng.sun.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 12 Feb 1997 12:09:22 -0500
To: Dan.McDonald@Eng.sun.com
From: Stephen Kent <kent@bbn.com>
Subject: RE: replay field size
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Dan,

	I agree that one can negotiate the counter size during SA
negotiation, so the issues is not one of steady state overhead.  The issue
is one of added complexity in the implementation, which is greater if we
support two counter sizes vs. a single counter size. We can debate just how
much complexity is involved, but first I suggest that we explore what
motivates any added complexity.

Steve