Re: replay field size

John Keating <jkeating@ire.com> Wed, 12 February 1997 17:01 UTC

Received: from cnri by ietf.org id aa08112; 12 Feb 97 12:01 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa22657; 12 Feb 97 12:01 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id LAA27327 for ipsec-outgoing; Wed, 12 Feb 1997 11:51:52 -0500 (EST)
Message-ID: <c=US%a=_%p=IRE%l=WHO-970212170136Z-1759@who.ire.com>
From: John Keating <jkeating@ire.com>
To: "'ipsec@tis.com'" <ipsec@tis.com>
Cc: "'keating@jagunet.com'" <keating@jagunet.com>
Subject: Re: replay field size
Date: Wed, 12 Feb 1997 12:01:36 -0500
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

> Should AH and ESP both have a fixed size replay counter ? (Yes/No/Don't
> Care)

I would tend to look towards the future, and ask for negotiation. ("640K
is more than anyone would ever need!") Why hardwire something that may
need to be changed at some future date? Perhaps default to a minimum
value, but don't lock it in.

> If they have a fixed size counter, what size should it be? (32 bits/64 bits)

See above, and default to 32 bits.

> Should SHA-1 output be truncated to 128 bits from 160 bits ? (Yes/No/Don't
> Care)

I tend to lean towards leaving it at 160 bits. As some have mentioned,
it was designed at that, why weaken it by truncating it?


John W. Keating, III
jkeating@ire.com
These words are my own, and may not reflect the views of IRE, Inc.
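The two knobs this message argues about, replay-counter width (32 vs 64 bits) and whether the SHA-1 based integrity value is truncated (160 vs 128 bits), worked through as an added Python example. This is not code from the original post or from any IPsec implementation; the receiver-side sliding window follows the scheme later published in RFC 2401 Appendix C, and the window size, the key/data bytes and the packet-rate figure are constructed for illustration.

```python
"""Anti-replay window and MAC truncation, parameterized by counter width
(32 vs 64 bits) and integrity-value length (160 vs 128 bits).
Added example, not code from the original post; the window logic follows
the scheme later written up in RFC 2401 Appendix C."""
import hashlib
import hmac


class SequenceCounter:
    """Sender side: one counter per SA that refuses to wrap. IPsec requires a
    new SA (rekey) before the counter cycles, so the width sets the SA's
    maximum lifetime in packets."""

    def __init__(self, counter_bits=32):
        self.max_seq = (1 << counter_bits) - 1
        self.value = 0  # first transmitted sequence number is 1, never 0

    def next(self):
        if self.value >= self.max_seq:
            raise OverflowError("sequence number exhausted: rekey the SA")
        self.value += 1
        return self.value


class AntiReplayWindow:
    """Receiver side: sliding bitmap over the last `window` sequence numbers.
    Bit i of `bitmap` set means sequence number (last - i) was already seen."""

    def __init__(self, counter_bits=32, window=64):
        self.max_seq = (1 << counter_bits) - 1
        self.window = window
        self.mask = (1 << window) - 1
        self.last = 0    # highest sequence number accepted so far
        self.bitmap = 0

    def check_and_update(self, seq):
        """Return True and record `seq` if it is fresh; False for replays,
        packets older than the window, or values the counter cannot hold."""
        if seq < 1 or seq > self.max_seq:
            return False
        if seq > self.last:  # new high-water mark: slide the window right
            shift = seq - self.last
            self.bitmap = 1 if shift >= self.window else ((self.bitmap << shift) | 1) & self.mask
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.window:  # too old to check against the bitmap: drop
            return False
        if self.bitmap & (1 << diff):  # already received: replay
            return False
        self.bitmap |= 1 << diff
        return True


def packets_before_rekey(counter_bits):
    """Packets one SA can carry before the replay counter would wrap."""
    return (1 << counter_bits) - 1


def seconds_until_wrap(counter_bits, packets_per_second):
    """SA lifetime in seconds at a sustained packet rate (constructed figure)."""
    return packets_before_rekey(counter_bits) / packets_per_second


def counter_refuses_to_wrap(counter_bits):
    """True if the sender-side counter raises exactly when it would cycle."""
    ctr = SequenceCounter(counter_bits)
    for _ in range(packets_before_rekey(counter_bits)):
        ctr.next()
    try:
        ctr.next()
    except OverflowError:
        return True
    return False


def truncated_hmac_sha1(key, data, out_bits=160):
    """HMAC-SHA-1 integrity value, optionally truncated to the leading
    out_bits (the thread discusses 160 vs 128). Truncation keeps the
    leftmost bytes, so a 128-bit tag is a prefix of the full 160-bit one."""
    if out_bits % 8 or not 0 < out_bits <= 160:
        raise ValueError("out_bits must be a multiple of 8 up to 160")
    return hmac.new(key, data, hashlib.sha1).digest()[: out_bits // 8]


if __name__ == "__main__":
    w = AntiReplayWindow(counter_bits=32, window=64)
    print([w.check_and_update(s) for s in (1, 1, 5, 3, 3)])   # [True, False, True, True, False]
    print(packets_before_rekey(32), packets_before_rekey(64))
    # constructed figure: 1e6 packets/s sustained on one SA
    print(round(seconds_until_wrap(32, 1e6)), "s until a 32-bit counter wraps at 1e6 pkt/s")
    print(truncated_hmac_sha1(b"key", b"data", 128).hex())
```

The `seconds_until_wrap` figure is the concrete form of the "640K" worry in the message: a 32-bit counter forces a rekey after 2^32-1 packets, which at a constructed rate of a million packets per second is a little over an hour per SA, while a 64-bit counter effectively never wraps. For the record, the standards that followed this thread fixed the on-the-wire field at 32 bits (RFC 2402/2406), added a 64-bit Extended Sequence Number option later (RFC 4302/4303), and truncated HMAC-SHA-1 to 96 rather than 128 bits (RFC 2404).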