Re: replay field size

Stephen Kent <kent@bbn.com> Thu, 13 February 1997 03:59 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id WAA01850 for ipsec-outgoing; Wed, 12 Feb 1997 22:59:50 -0500 (EST)
X-Sender: kent@po1.bbn.com
Message-Id: <v03007800af283a1fe847@[128.33.229.246]>
In-Reply-To: <199702112043.PAA00838@sloth.ncsl.nist.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 12 Feb 1997 22:29:20 -0500
To: Robert Glenn <glenn@snad.ncsl.nist.gov>
From: Stephen Kent <kent@bbn.com>
Subject: Re: replay field size
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Rob,

	The field has been proposed as an option, not a requirement (though
compliant implementations would be required to support generation and
processing of the option).  As you observe, to simplify the alignment issue,
one could always include the field even if it were not processed, at the
expense of 4 or 8 bytes.

	The question of when to rekey really is independent of the counter
size, except in so far as it not being larger than the counter space.  So,
I'd tend to keep these concepts separate as much as possible.

Steve