Replay counter sizes: AH vs ESP

Marcus Leech <mleech@nortel.ca> Thu, 05 December 1996 22:05 UTC

From: Marcus Leech <mleech@nortel.ca>
Message-Id: <199612051931.AA288314281@bcarh6dc.ott.bnr.ca>
Subject: Replay counter sizes: AH vs ESP
To: ipsec@ans.net
Date: Thu, 05 Dec 1996 14:31:21 -0500
Organization: Nortel Technologies, System Security Services

-----BEGIN PGP SIGNED MESSAGE-----

I note in reviewing:

draft-ietf-ipsec-esp-des-md5-03.txt

and

draft-ietf-ipsec-ah-hmac-md5-04.txt

that the counter sizes are different, even though the underlying integrity
  mechanisms are identical (HMAC MD5).  I can see this costing extra
  code in implementations, which wouldn't be necessary if the counters
  were of the same size.

I apologize if I've brought up a long-dead topic, but I haven't been
  paying seriously close attention to the list for the last little
  while.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMqcjB6p9EtiCAjydAQFAjQIAsqltGt7xo40rS4hWYnZC6ffCllnXye++
cQ8cDqyuJX22TbLQcae6TPm/aVu+EH+HWBnnkS2e33bQ/xfqtk9WLA==
=0WXW
-----END PGP SIGNATURE-----

--
----------------------------------------------------------------------
Marcus Leech                   Mail: Dept 4C16, MS 238, CAR
Systems Security Architect     Phone:    (ESN) 393-9145  +1 613 763 9145
Systems Security Services      Fax:      (ESN) 393-7679  +1 613 763 9435
Nortel Technology              mleech@nortel.ca
-----------------Expressed opinions are my own, not my employer's------