Replay counter sizes: AH vs ESP
Marcus Leech <mleech@nortel.ca> Thu, 05 December 1996 22:05 UTC
Received: from cnri by ietf.org id aa19273; 5 Dec 96 17:05 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa25260; 5 Dec 96 17:05 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id QAA29552 for ipsec-outgoing; Thu, 5 Dec 1996 16:55:31 -0500 (EST)
From: Marcus Leech <mleech@nortel.ca>
Message-Id: <199612051931.AA288314281@bcarh6dc.ott.bnr.ca>
Subject: Replay counter sizes: AH vs ESP
To: ipsec@ans.net
Date: Thu, 05 Dec 1996 14:31:21 -0500
Organization: Nortel Technologies, System Security Services
X-Mailer: ELM [version 2.4 PL21]
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
-----BEGIN PGP SIGNED MESSAGE----- I note in reviewing: draft-ietf-ipsec-esp-des-md5-03.txt and draft-ietf-ipsec-ah-hmac-md5-04.txt That the counter sizes are different, even though the underlying integrity mechanisms are identical (HMAC MD5). I can see this costing extra code in implementations, which wouldn't be necessary if the counters were of the same size. I apologize if I've brought up a long-dead topic, but I haven't been paying seriously close attention to the list for the last little while. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBMqcjB6p9EtiCAjydAQFAjQIAsqltGt7xo40rS4hWYnZC6ffCllnXye++ cQ8cDqyuJX22TbLQcae6TPm/aVu+EH+HWBnnkS2e33bQ/xfqtk9WLA== =0WXW -----END PGP SIGNATURE----- -- ---------------------------------------------------------------------- Marcus Leech Mail: Dept 4C16, MS 238, CAR Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145 Systems Security Services Fax: (ESN) 393-7679 +1 613 763 9435 Nortel Technology mleech@nortel.ca -----------------Expressed opinions are my own, not my employer's------
- Replay counter sizes: AH vs ESP Marcus Leech