IETF Logo Mail Archive

RE: Replay field size in AH

adams@cisco.com (Rob Adams) Sat, 08 February 1997 21:18 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id QAA28030 for ipsec-outgoing; Sat, 8 Feb 1997 16:18:40 -0500 (EST)
Message-ID: <01BC15D4.23743680@Tastid.Cisco.COM>
From: adams@cisco.com
To: naganand@ftp.com, kent@bbn.com
cc: ipsec@tis.com
Subject: RE: Replay field size in AH
Date: Sat, 08 Feb 1997 15:23:55 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Regarless of what we do about alignment, a 64 bit replay field seems simply wrong.
2^64 packets before you wrap? 2^32 seems more than sufficient.  The choice of replay
field length should not be linked to any alignment issues. If we need to align the packet
differently, we should add reserved or mbz fields.  The size of the replay counter should 
be useful and correct for replay alone, and not be sized based on any other issues. 

-Rob

----------
From: 	Stephen Kent[SMTP:kent@bbn.com]
Sent: 	Saturday, February 08, 1997 11:13 AM
To: 	Naganand Doraswamy
Cc: 	ipsec@tis.com
Subject: 	Re: Replay field size in AH

I'd like to hear from Jeff Schiller and the WG chairs re this still open
issue.  My recollection is that there was supposed to be a small meetng to
reolve this after the last IPSEC WG meeting in San Jose.  I observed that
we had two variables affecting aligmment: sequence number size and HMAC
size.  Hugo made a suggestion to truncate the SHA-1 value to 128 bits, to
reduce the number of variables affecting alignment, but I don't recall a
decision on this, nor on the 32 vs. 64 bit sequence number.  We do eed to
nail this down so that the grand unified AH and ESP specs can proceed.

Steve

v2.46.0 | Report a Bug | By Email | System Status