IETF Logo Mail Archive

Re: replay field size

Robert Glenn <glenn@snad.ncsl.nist.gov> Tue, 11 February 1997 20:50 UTC

Received: from cnri by ietf.org id aa29956; 11 Feb 97 15:50 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa22674; 11 Feb 97 15:50 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA19968 for ipsec-outgoing; Tue, 11 Feb 1997 15:39:02 -0500 (EST)
From: Robert Glenn <glenn@snad.ncsl.nist.gov>
Date: Tue, 11 Feb 1997 15:43:11 -0500
Message-Id: <199702112043.PAA00838@sloth.ncsl.nist.gov>
To: ipsec@tis.com
Subject: Re: replay field size
Cc: rob.glenn@nist.gov
Sender: owner-ipsec@ex.tis.com
Precedence: bulk


1. Should AH and ESP both have a fixed size replay counter ? (Yes/No/Don't Care)

	I'm in favor of making replay prevention optional.  I realize
	that this isn't keeping with KISS, but I remained unconvinced
	of the utility of replay prevention within IP and I'm concerned
	about the added complexity this field adds to the IPSEC
	process.

	Making this field optional can be done by making the field a
	fixed size and simply ignoring it when not in use instead of
	excluding it (non-fixed size=0).  So for now, ...Don't Care
	with an inclination toward Yes.

2. If they have a fixed size counter, what size should it be? (32 bits/64 bits)
   
	I'd rather have 64 bits with the ability to negotiate the
	number of bits out of the 64 to use for re-keying purposes.
	Along these lines, 0 would be an allowable value.  This could
	even be worded that you MUST support 0-32 bits and SHOULD
	support 33-64 bits.

3. Should SHA-1 output be truncated to 128 bits from 160 bits ? (Yes/No/Don't Care)
	Actually, I don't care, but I'm inclined to go with truncation.


Rob G.

v2.46.0 | Report a Bug | By Email | System Status