RE: replay field size straw poll

Stephen Kent <kent@bbn.com> Tue, 11 February 1997 20:34 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA19741 for ipsec-outgoing; Tue, 11 Feb 1997 15:34:01 -0500 (EST)
X-Sender: kent@po1.bbn.com
Message-Id: <v03007801af267ca0d15a@[128.33.229.235]>
In-Reply-To: <199702111417.JAA10584@argon.ncsc.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 11 Feb 1997 14:50:39 -0500
To: dpkemp@missi.ncsc.mil
From: Stephen Kent <kent@bbn.com>
Subject: RE: replay field size straw poll
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

David,

	I concur with all three of your points re anti-replay field size
and hash size.  I'd also like to add the observation that I think we will
have errors in implementations of the anti-replay windows, because of the
need for the modular arithmetic (since we are not starting the counters at
0 or 1).  So, having a single size counter for both AH and ESP may further
minimize the time it will take to get the bugs out of this code.

	As editor for the AH and ESP specs, based on the traffic I've seen
these last 2 weeks, I'm planning to go with 32-bit counters for both and to
assume that the HMAC value will be 128 bits, to help resolve the alignment
problem.  If there are strong objections to this tack, I'd like to hear by
2/14.

Steve
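
The modular arithmetic the message above expects implementations to get wrong, as an added example (not part of the original message and not taken from the AH or ESP specs): a sliding-window replay check over a 32-bit counter that may start at any value and wrap. The 32-packet window, the bitmap layout, the half-space comparison rule and all names are assumptions of this sketch.

```c
#include <stdint.h>

#define REPLAY_WINDOW 32u   /* assumed window width; the message gives none */

struct replay_state {
    uint32_t top;      /* newest counter value accepted so far */
    uint32_t bitmap;   /* bit i set: counter (top - i) was already seen */
};

/* Modular "a is newer than b": distance taken mod 2^32, half-space rule.
 * A plain (a > b) fails as soon as the counter passes 0xFFFFFFFF. */
static int seq_newer(uint32_t a, uint32_t b)
{
    uint32_t d = a - b;                 /* unsigned subtraction wraps */
    return d != 0 && d < 0x80000000u;
}

/* Arm the window so `start` (any 32-bit value) is the first acceptable
 * counter; everything before it is marked as already seen. */
void replay_init(struct replay_state *st, uint32_t start)
{
    st->top = start - 1u;               /* wraps correctly if start == 0 */
    st->bitmap = 0xFFFFFFFFu;
}

/* Returns 1 and records seq if it is fresh; 0 if replayed or too old.
 * Call only after the packet's integrity check has passed. */
int replay_check_update(struct replay_state *st, uint32_t seq)
{
    if (seq_newer(seq, st->top)) {
        uint32_t ahead = seq - st->top;
        /* Slide the window; a jump of a full window or more clears it. */
        st->bitmap = (ahead < REPLAY_WINDOW) ? (st->bitmap << ahead) | 1u : 1u;
        st->top = seq;
        return 1;
    }
    uint32_t behind = st->top - seq;    /* 0 .. 2^31 */
    if (behind >= REPLAY_WINDOW)
        return 0;                       /* fell off the left edge */
    if (st->bitmap & (1u << behind))
        return 0;                       /* duplicate */
    st->bitmap |= 1u << behind;
    return 1;
}
```

With a constructed start value of 0xFFFFFFF0, counter 0x00000003 arrives after 0xFFFFFFFE and must be treated as newer; an unsigned `seq > top` comparison would reject it and every packet after the wrap.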