Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting
Xiangyang zhang <xiangyang.zhang@huawei.com> Thu, 19 May 2011 22:56 UTC
Return-Path: <xiangyang.zhang@huawei.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9252E06E0 for <ipsec@ietfa.amsl.com>; Thu, 19 May 2011 15:56:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FMDKRS425WXL for <ipsec@ietfa.amsl.com>; Thu, 19 May 2011 15:56:17 -0700 (PDT)
Received: from usaga02-in.huawei.com (usaga02-in.huawei.com [206.16.17.70]) by ietfa.amsl.com (Postfix) with ESMTP id DFD16E068B for <ipsec@ietf.org>; Thu, 19 May 2011 15:56:17 -0700 (PDT)
Received: from huawei.com (localhost [127.0.0.1]) by usaga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LLG009ZFT1RF2@usaga02-in.huawei.com> for ipsec@ietf.org; Thu, 19 May 2011 15:56:15 -0700 (PDT)
Received: from dfweml202-edg.china.huawei.com ([172.18.9.108]) by usaga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPS id <0LLG00368T1R9W@usaga02-in.huawei.com> for ipsec@ietf.org; Thu, 19 May 2011 15:56:15 -0700 (PDT)
Received: from DFWEML402-HUB.china.huawei.com (10.193.5.102) by dfweml202-edg.china.huawei.com (172.18.9.108) with Microsoft SMTP Server (TLS) id 14.1.270.1; Thu, 19 May 2011 15:56:16 -0700
Received: from DFWEML502-MBX.china.huawei.com ([fe80::1086:4a1f:19fa:9025]) by DFWEML402-HUB.china.huawei.com ([::1]) with mapi id 14.01.0270.001; Thu, 19 May 2011 15:56:12 -0700
Date: Thu, 19 May 2011 22:56:12 +0000
From: Xiangyang zhang <xiangyang.zhang@huawei.com>
In-reply-to: <4DD52D97.2010209@ieca.com>
X-Originating-IP: [10.193.34.108]
To: Sean Turner <turners@ieca.com>, Tina Tsou <tena@huawei.com>
Message-id: <00E6CDB229A4CF4487D6E0326EDE5A030C3A08F4@dfweml502-mbx.china.huawei.com>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-language: en-US
Content-transfer-encoding: 7bit
Accept-Language: en-US
Thread-topic: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting
Thread-index: AcwPStKwaGbJjd6kR22PFAz3m8+OrwHI5PiAAAHqaMA=
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
References: <000301cc0f4a$eb671660$c2354320$@com> <4DD52D97.2010209@ieca.com>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2011 22:56:18 -0000
Sean, Thanks for the comments 1. The code will be encapsulated including the copyright. Is the pseudo-code better than actual C code? 2. The reference is normative. Regards Xiangyang -----Original Message----- From: Sean Turner [mailto:turners@ieca.com] Sent: Thursday, May 19, 2011 7:48 AM To: Tina Tsou Cc: ipsec@ietf.org; Xiangyang zhang Subject: Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting In section 3 please add the appropriate license for code components (http://trustee.ietf.org/license-info/IETF-Trust-License-Policy-20091228.pdf). In a nutshell encapsulate the code with: <CODE BEGINS> code goes here <CODE ENDS> and right after <CODE BEGINS> include the following: /* Copyright (c) 2011 IETF Trust and the persons identified as authors of this code. All rights reserved. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ In section 6 you need to say whether the references are normative or not. I assume normative. spt On 5/10/11 3:45 PM, Tina Tsou wrote: > Hi, > Victor and I just submitted > https://datatracker.ietf.org/doc/draft-zhang-ipsecme-anti-replay/ > > IPsec anti-replay algorithm without bit-shifting > > This document presents a new method to do anti-replay check and > update, which becomes one alternative to the anti-replay > algorithm in RFC 4302 and RFC4303. The new method will deem the > bit-shifting unnecessary. It will reduce the number of times > to slide the window. In addition, it makes bit-check and > bit-update easier as it does not depend on the low index of the > sliding window. It is especially beneficial when the window size > is much bigger than 64 bits, for example, 1024 bits. > > IPsec employs one anti-replay sliding window protocol to secure > against an adversary that can insert the messages inside the > network tunnel. This method still inherits the sliding window > protocol, but use one or more redundant bytes to ease the update > of sliding window. The bit-shifting is deemed unnecessary with > updating the high and low index of the window, which is especially > efficient in case of the big window size. Thus the method reduces > the number of times to update the window. > > In addition, the bit location is fixed for one sequence number, > thus makes the bit check easier and faster. > > Comments are more than welcome. > > > We keep our promises with one another - no matter what! > > Best Regards, > Tina TSOU > http://tinatsou.weebly.com/contact.html > > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
- Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPse… Sean Turner
- [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec an… Tina Tsou
- Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPse… Xiangyang zhang
- Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPse… Sean Turner