Re: [IPsec] Draft-zhang-ipsecme-anti-replay: IPsec anti-replay algorithm without bit-shifting

Sean Turner <turners@ieca.com> Thu, 19 May 2011 14:47 UTC


In section 3 please add the appropriate license for code components
(http://trustee.ietf.org/license-info/IETF-Trust-License-Policy-20091228.pdf).
In a nutshell encapsulate the code with:

<CODE BEGINS>
	code goes here
<CODE ENDS>

and right after <CODE BEGINS> include the following:

/*
    Copyright (c) 2011 IETF Trust and the persons identified as authors
    of this code. All rights reserved.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    */

In section 6 you need to say whether the references are normative or 
not.  I assume normative.

spt

On 5/10/11 3:45 PM, Tina Tsou wrote:
> Hi,
> Victor and I just submitted
> https://datatracker.ietf.org/doc/draft-zhang-ipsecme-anti-replay/
>
> IPsec anti-replay algorithm without bit-shifting
>
> This document presents a new method to do anti-replay check and
>     update, which becomes one alternative to the anti-replay
>     algorithm in RFC 4302 and RFC 4303.  The new method will deem the
>     bit-shifting unnecessary.  It will reduce the number of times
>     to slide the window.  In addition, it makes bit-check and
>     bit-update easier as it does not depend on the low index of the
>     sliding window.  It is especially beneficial when the window size
>     is much bigger than 64 bits, for example, 1024 bits.
>
>     IPsec employs one anti-replay sliding window protocol to secure
>     against an adversary that can insert the messages inside the
>     network tunnel.  This method still inherits the sliding window
>     protocol, but uses one or more redundant bytes to ease the update
>     of sliding window.  The bit-shifting is deemed unnecessary with
>     updating the high and low index of the window, which is especially
>     efficient in case of the big window size.  Thus the method reduces
>     the number of times to update the window.
>
>     In addition, the bit location is fixed for one sequence number,
>     which makes the bit check easier and faster.
>
> Comments are more than welcome.
>
>
> We keep our promises with one another - no matter what!
>
> Best Regards,
> Tina TSOU
> http://tinatsou.weebly.com/contact.html
>
>
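
The idea in the quoted abstract, written out in C as an added example (not code from the draft or from either author): the bitmap is a ring of words that is never shifted, the window slides by moving the top index and zeroing the words that get reused, and each sequence number has a fixed word and bit. The names, the 32-bit word size, the 33-word ring (32 words for the 1024-bit window plus one redundant word) and the absence of extended sequence number handling are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

#define WORD_BITS 32u
#define WIN_BITS  1024u                        /* window size from the abstract */
#define MAP_WORDS (WIN_BITS / WORD_BITS + 1u)  /* 32 words + 1 redundant word */

struct replay_win {
    uint32_t top;             /* highest authenticated sequence number */
    uint32_t map[MAP_WORDS];  /* ring of bitmap words, never bit-shifted */
};

/* A sequence number always maps to the same word and the same bit. */
static uint32_t word_of(uint32_t seq) { return (seq / WORD_BITS) % MAP_WORDS; }
static uint32_t bit_of(uint32_t seq)  { return 1u << (seq % WORD_BITS); }

/* Returns 1 if seq may be accepted, 0 if it is a replay or too old. */
int replay_check(const struct replay_win *w, uint32_t seq)
{
    if (seq == 0) return 0;                            /* ESP/AH never send 0 */
    if (seq > w->top) return 1;                        /* ahead of the window */
    if (w->top - seq >= WIN_BITS) return 0;            /* behind the window */
    return (w->map[word_of(seq)] & bit_of(seq)) == 0;  /* 0 if already seen */
}

/* Records seq; call only after the packet's integrity check has passed. */
void replay_update(struct replay_win *w, uint32_t seq)
{
    if (seq > w->top) {
        uint32_t old_blk = w->top / WORD_BITS;
        uint32_t n = seq / WORD_BITS - old_blk;        /* new words entered */
        if (n > MAP_WORDS) n = MAP_WORDS;              /* whole ring is stale */
        for (uint32_t i = 1; i <= n; i++)              /* zero reused words */
            w->map[(old_blk + i) % MAP_WORDS] = 0;
        w->top = seq;                                  /* slide = move index */
    }
    w->map[word_of(seq)] |= bit_of(seq);
}

/* Check, then update if accepted (integrity check assumed to have passed). */
int replay_accept(struct replay_win *w, uint32_t seq)
{
    if (!replay_check(w, seq)) return 0;
    replay_update(w, seq);
    return 1;
}
```

The redundant word is what makes zeroing safe: the word being reused always belonged to a block that has already fallen entirely outside the 1024-number window.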