Re: ESP Qs

"Derrell D. Piper" <ddp@network-alchemy.com> Thu, 28 May 1998 15:31 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id LAA27832 for ipsec-outgoing; Thu, 28 May 1998 11:31:21 -0400 (EDT)
Message-Id: <199805281544.IAA07785@gallium.network-alchemy.com>
To: Stephen Waters <Stephen.Waters@digital.com>
cc: ipsec@tis.com
Subject: Re: ESP Qs
In-reply-to: Your message of "Wed, 27 May 1998 23:39:07 BST." <250F9C8DEB9ED011A14D08002BE4F64C01959167@wade.reo.dec.com>
Date: Thu, 28 May 1998 08:44:05 -0700
From: "Derrell D. Piper" <ddp@network-alchemy.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Hi,

> 1) Does IKE support indicating that anti-replay is not offered ( r to i
> ), i.e. that the ESP sequence number will not be checked?

The DOI includes a method for the responder to indicate whether or not he has
chosen to do anti-replay.  See Section 4.6.3.2 (REPLAY-STATUS).  See also the
archives for a whole lot of painful background on this issue...

> 2) If the sender (same as initiator?) is told that there is no checking,
> should it leave the sequence number at zero?

The architecture says that the anti-replay sequence is always present even when
the receiver chooses not to perform anti-replay detection.

> 3) In the case of manual-keying - when anti-replay SHOULD NOT be used,
> should the value of Sequence number be left zero?

No, it just means that the sequence counter is allowed to wrap...

> 4) The IPSEC DOI seems to suggest that implicit IV is the ONLY MUST,
> with explicit IV as the 'old way'.  Most implementations I've seen only
> support explicit IV.

I'm not sure where you got this.  ESP_DES is listed as the only ESP MUST and
uses the cipher transform defined in:

  [DES] Madson, C., Doraswamy, N., "The ESP DES-CBC Cipher Algorithm With 
  Explicit IV," draft-ietf-ipsec-ciph-des-expiv-02.txt.

Derrell
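An added example, not code from this thread or from any IPsec implementation, modelling the points in the reply above: a receiver sliding window in the style of RFC 2401 Appendix C, the REPLAY-STATUS "not checking" case where the sequence number is present but ignored, and a sender counter that is always incremented but may wrap only when anti-replay is off, as with manual keying. The window size, class names and the wrap-to-zero behaviour are my assumptions.

```python
# Added example: ESP sequence-number handling on both sides of an SA.
# Not code from the mailing-list thread or any product.

WINDOW = 64  # assumed window size; RFC 2401 requires at least 32


class EspReceiver:
    """Inbound SA. check_replay=False models a responder that signalled
    (REPLAY-STATUS) that it will not check the ESP sequence number."""

    def __init__(self, check_replay=True):
        self.check_replay = check_replay
        self.last = 0     # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (last - i) was seen

    def accept(self, seq):
        if not self.check_replay:
            return True               # field is on the wire but ignored
        if seq == 0:
            return False              # first transmitted value is 1
        if seq > self.last:           # right of the window: slide it
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= WINDOW:
            return False              # too old: left of the window
        if self.bitmap & (1 << diff):
            return False              # duplicate: replay detected
        self.bitmap |= 1 << diff      # in window and new: mark it
        return True


class EspSender:
    """Outbound SA. The counter is incremented for every packet; with
    anti-replay off (e.g. manual keying) it wraps modulo 2^32, otherwise
    the SA must be replaced before the counter wraps."""

    def __init__(self, wrap_allowed=False):
        self.wrap_allowed = wrap_allowed
        self.seq = 0

    def next_seq(self):
        if self.seq == 0xFFFFFFFF and not self.wrap_allowed:
            return None               # exhausted: caller must rekey the SA
        self.seq = (self.seq + 1) & 0xFFFFFFFF  # assumption: wraps to 0
        return self.seq
```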