Re: replay field size

Matt Thomas <matt@lkg.dec.com> Mon, 10 February 1997 01:44 UTC

Received: from cnri by ietf.org id aa01160; 9 Feb 97 20:44 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa00858; 9 Feb 97 20:44 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id UAA04949 for ipsec-outgoing; Sun, 9 Feb 1997 20:31:59 -0500 (EST)
Message-Id: <3.0.32.19970209202505.00688254@netrix.lkg.dec.com>
X-Sender: mthomas@netrix.lkg.dec.com
X-Mailer: Windows Eudora Pro Version 3.0 Demo (32)
Date: Sun, 09 Feb 1997 20:25:34 -0500
To: ipsec@tis.com
From: Matt Thomas <matt@lkg.dec.com>
Subject: Re: replay field size
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

At 04:44 PM 2/8/97 -0800, Derrell Piper wrote:
>There was clear consensus at the ANX IPSEC bakeoff last week to make the
>size of the replay field 32-bits for both AH and ESP.  If we _must_ have
>alignment for IPv4 IPSEC then the additional bits should be specified as
>alignment.  No one wants to do 64-bit math for replay computation.  It's
>silly.  In my opinion, IPv4 is misaligned for 64-bit hardware anyway and I
>don't see the point of aligning the fields just to keep the protocol
>consistent with IPv6.

IPv6 headers need to be 8-byte aligned.  Thus the AH header must be a multiple
of 8 bytes in length.  For IPv4, a multiple of 4 bytes is fine.  The AH
data doesn't have to be 8-byte aligned.  [The destination options header
comes after the AH and can contain options that require 8-byte alignment].

>I don't think this issue needs the Security AD to resolve.  I think we
>already have consensus.  Let's hear now from anyone who absolutely must
>have 64 bits or else move to revise AH and ESP to reflect consensus.  We
>have much more interesting things to argue about.

All I want is for the AH header in IPv6 packets to be a multiple of 8 bytes
in length.  A 32-bit replay field is fine.  I don't even care where the
padding is (it would be nice if it were in a standard place), just that
it exists.

-- 
Matt Thomas                      Internet:   matt@lkg.dec.com
UNIX Networking                  WWW URL:    http://ftp.digital.com/%7Ethomas/
Digital Equipment Corporation    Disclaimer: This message reflects my own
Littleton, MA                                warped views, etc.
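The two points argued in this message, the 8-byte (IPv6) versus 4-byte (IPv4) alignment rule for the AH header and the replay check done in 32-bit arithmetic, as an added worked example that is not part of the original post or of any IPsec implementation. It assumes the AH layout of Next Header, Payload Length, Reserved, SPI, then the replay (sequence) field, then authentication data, and the ICV sizes (12 and 16 bytes) are constructed inputs; the 32-entry sliding window is a hypothetical window size chosen so the replay bookkeeping stays in 32-bit math.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Alignment rule from the message: IPv6 needs the AH header to be a
 * multiple of 8 bytes; for IPv4 a multiple of 4 bytes is fine. */
static unsigned ah_align(bool ipv6) { return ipv6 ? 8u : 4u; }

/* Total AH header length for a given replay-field size and ICV size,
 * rounded up to the IP version's alignment. Fixed part assumed as
 * Next Header (1) + Payload Len (1) + Reserved (2) + SPI (4) = 8 bytes.
 * The number of padding bytes needed is returned through *pad. */
unsigned ah_header_len(bool ipv6, unsigned replay_bytes, unsigned icv_bytes,
                       unsigned *pad)
{
    unsigned align = ah_align(ipv6);
    unsigned raw = 8u + replay_bytes + icv_bytes;
    unsigned padded = (raw + align - 1u) / align * align;
    if (pad)
        *pad = padded - raw;
    return padded;
}

/* Anti-replay state for one SA, kept entirely in 32-bit quantities.
 * bit i of bitmap set means sequence number (last_seq - i) was seen. */
#define REPLAY_WINDOW 32u
struct replay_state {
    uint32_t last_seq; /* highest sequence number accepted so far */
    uint32_t bitmap;   /* window of REPLAY_WINDOW most recent numbers */
};

/* Returns true and records seq if it is new and inside the window;
 * false for duplicates, numbers older than the window, and seq 0
 * (the first valid sequence number is assumed to be 1). */
bool replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    if (seq == 0u)
        return false;
    if (seq > st->last_seq) {
        /* advance the window; far jumps discard the whole bitmap */
        uint32_t shift = seq - st->last_seq;
        st->bitmap = (shift >= REPLAY_WINDOW) ? 0u : (st->bitmap << shift);
        st->bitmap |= 1u;
        st->last_seq = seq;
        return true;
    }
    uint32_t diff = st->last_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return false;               /* too old to check: drop */
    if (st->bitmap & (1u << diff))
        return false;               /* already seen: replay */
    st->bitmap |= (1u << diff);
    return true;
}

int main(void)
{
    unsigned pad;
    /* 32-bit replay field, 16-byte ICV: IPv4 needs no padding, IPv6 needs 4 */
    unsigned v4 = ah_header_len(false, 4, 16, &pad);
    printf("IPv4 AH len %u (pad %u)\n", v4, pad);
    unsigned v6 = ah_header_len(true, 4, 16, &pad);
    printf("IPv6 AH len %u (pad %u)\n", v6, pad);

    struct replay_state st = { 0, 0 };
    uint32_t seqs[] = { 1, 3, 2, 2, 100, 68, 69 };
    for (unsigned i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %3u -> %s\n", seqs[i],
               replay_check_and_update(&st, seqs[i]) ? "accept" : "drop");
    return 0;
}
```

Note that the sequence number must never wrap for this check to remain sound: a 32-bit counter that reaches its maximum has to trigger a rekey rather than roll over, which is the operational cost of choosing 32 bits over 64.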