Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting
Sean Turner <turners@ieca.com> Fri, 20 May 2011 12:28 UTC
Return-Path: <turners@ieca.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F8CCE0799 for <ipsec@ietfa.amsl.com>; Fri, 20 May 2011 05:28:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.141
X-Spam-Level:
X-Spam-Status: No, score=-102.141 tagged_above=-999 required=5 tests=[AWL=-0.143, BAYES_00=-2.599, J_CHICKENPOX_54=0.6, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xnUIxKQxZLEx for <ipsec@ietfa.amsl.com>; Fri, 20 May 2011 05:28:09 -0700 (PDT)
Received: from nm11-vm0.bullet.mail.bf1.yahoo.com (nm11-vm0.bullet.mail.bf1.yahoo.com [98.139.213.136]) by ietfa.amsl.com (Postfix) with SMTP id CE2B4E0788 for <ipsec@ietf.org>; Fri, 20 May 2011 05:28:04 -0700 (PDT)
Received: from [98.139.212.153] by nm11.bullet.mail.bf1.yahoo.com with NNFMP; 20 May 2011 12:28:04 -0000
Received: from [98.139.221.62] by tm10.bullet.mail.bf1.yahoo.com with NNFMP; 20 May 2011 12:28:04 -0000
Received: from [127.0.0.1] by smtp103.biz.mail.bf1.yahoo.com with NNFMP; 20 May 2011 12:28:04 -0000
X-Yahoo-Newman-Id: 301077.75736.bm@smtp103.biz.mail.bf1.yahoo.com
Received: from thunderfish.local (turners@96.231.114.36 with plain) by smtp103.biz.mail.bf1.yahoo.com with SMTP; 20 May 2011 05:28:03 -0700 PDT
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: YdR25a0VM1l0.fVKAlK40NoF7B1r2Vgr5WMhd6G5OF1dwyL uoCGAf2n.wc0JYiqMu2iyNjFIQRJfyfsE48OV1rexAWnFtaPhnlS7Z40_jtW XmwJyhihaGW8k3O8kuGjnwb7TzS6R94PaMnNQ16g0XYwSzPro9Ivaibxdn3u q7Nxnopr1B9PIVXuaD.weo7XSfN0OqvTCNGcZqleeKWD3lTXN38XPtat_ACq yL1z7BTmiD6dqBSFWbZTPoE9U9o8rB8ZthZgtagjdt4SAFB8PK_3oikvMnUg cAG9a6MmrwTTF6Op7W8QD8CWR6YlYBFwOl7XfseSoRI2I7whqYP6IZ8XbGSG xk.u5F2MxMJgnjeuFjBiDvk9sYpRAnJXzoO1IaoSUAEhEZcrebhYjDqZVo2B 0kASX2ieC680.fm7Z8PrQUloQ0.wcnrdR9b_e9SG1UUrtARfqoegkx4VNXQ- -
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4DD65E52.5020607@ieca.com>
Date: Fri, 20 May 2011 08:28:02 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Xiangyang zhang <xiangyang.zhang@huawei.com>
References: <000301cc0f4a$eb671660$c2354320$@com> <4DD52D97.2010209@ieca.com> <00E6CDB229A4CF4487D6E0326EDE5A030C3A08F4@dfweml502-mbx.china.huawei.com>
In-Reply-To: <00E6CDB229A4CF4487D6E0326EDE5A030C3A08F4@dfweml502-mbx.china.huawei.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Tina Tsou <tena@huawei.com>
Subject: Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 May 2011 12:28:10 -0000
On 5/19/11 6:56 PM, Xiangyang zhang wrote: > Sean, > > Thanks for the comments > > 1. The code will be encapsulated including the copyright. Is the pseudo-code better than actual C code? I think that's up to you. I don't have strong preference either way. > 2. The reference is normative. Figured ;) spt > > Regards > > Xiangyang > > -----Original Message----- > From: Sean Turner [mailto:turners@ieca.com] > Sent: Thursday, May 19, 2011 7:48 AM > To: Tina Tsou > Cc: ipsec@ietf.org; Xiangyang zhang > Subject: Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting > > In section 3 please add the appropriate license for code components > (http://trustee.ietf.org/license-info/IETF-Trust-License-Policy-20091228.pdf). > In a nutshell encapsulate the code with: > > <CODE BEGINS> > code goes here > <CODE ENDS> > > and right after<CODE BEGINS> include the following: > > /* > Copyright (c) 2011 IETF Trust and the persons identified as authors > of this code. All rights reserved. > > THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR > A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT > OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, > SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT > LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY > THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE > OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > */ > > In section 6 you need to say whether the references are normative or > not. I assume normative. > > spt > > On 5/10/11 3:45 PM, Tina Tsou wrote: >> Hi, >> Victor and I just submitted >> https://datatracker.ietf.org/doc/draft-zhang-ipsecme-anti-replay/ >> >> IPsec anti-replay algorithm without bit-shifting >> >> This document presents a new method to do anti-replay check and >> update, which becomes one alternative to the anti-replay >> algorithm in RFC 4302 and RFC4303. The new method will deem the >> bit-shifting unnecessary. It will reduce the number of times >> to slide the window. In addition, it makes bit-check and >> bit-update easier as it does not depend on the low index of the >> sliding window. It is especially beneficial when the window size >> is much bigger than 64 bits, for example, 1024 bits. >> >> IPsec employs one anti-replay sliding window protocol to secure >> against an adversary that can insert the messages inside the >> network tunnel. This method still inherits the sliding window >> protocol, but use one or more redundant bytes to ease the update >> of sliding window. The bit-shifting is deemed unnecessary with >> updating the high and low index of the window, which is especially >> efficient in case of the big window size. Thus the method reduces >> the number of times to update the window. >> >> In addition, the bit location is fixed for one sequence number, >> thus makes the bit check easier and faster. >> >> Comments are more than welcome. >> >> >> We keep our promises with one another - no matter what! >> >> Best Regards, >> Tina TSOU >> http://tinatsou.weebly.com/contact.html >> >> >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec >> >
- Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPse… Sean Turner
- [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec an… Tina Tsou
- Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPse… Xiangyang zhang
- Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPse… Sean Turner