Re: replay field size
Ran Atkinson <rja@inet.org> Thu, 13 February 1997 15:27 UTC
Date: Thu, 13 Feb 1997 15:21:16 +0000
From: Ran Atkinson <rja@inet.org>
Subject: Re: replay field size
To: Robert Glenn <glenn@snad.ncsl.nist.gov>, Stephen Kent <kent@bbn.com>
Cc: ipsec@tis.com
References: <v03007800af283a1fe847@[128.33.229.246]>
Message-ID: <Chameleon.855847666.rja@c8-a.snvl1.sfba.home.com>

Steve,

As you note, one can rekey more frequently than when the counter runs out. However, the counter size does present an upper bound to the rekey interval. In this way, they are related. This relationship does need to be carefully considered by the working group, IMHO.

For example, I am aware of commercial encrypting router products (not cisco) that can handle a full IP stream at OC-3c rates (155 Mbps). Based on the relatively small size of a large percentage of IP datagrams (as measured on a well-known OC-3 trans-Atlantic IP link), this is not a particularly long time interval between rekeys forced by a 32-bit replay counter.

By contrast, a 64-bit replay counter would not increase the size of the overall packet because it would just eliminate 32 bits of padding (that would be needed otherwise for IPv6 compliance). However, a 64-bit replay counter would very significantly increase the upper bound and make premature forced rekeying a non-issue for the overwhelming majority of cases.

This argues that a 64-bit replay counter would best further the WG's goal of maintaining a set of specifications that work equally well with any cryptographic algorithm.

Ran
rja@inet.org